Snort mailing list archives

non-standard ping messages

From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 21 Jan 2014 15:03:07 -0700

With the recent revelations of the Target breach, I was wondering if there is an existing rule that watches for 
non-standard ping messages crossing the network?  That was one of the indicators in this incident and that seems like 
something useful to look for anyway, so maybe there is already a rule either in VRT or ET the ruleset.  Does anyone 
know of an existing rule?

Thanks!
Shawn

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

non-standard ping messages Jefferson, Shawn (Jan 21)
- Re: non-standard ping messages James Lay (Jan 21)