Dailydave mailing list archives
Re: The Hydrogen hundred dollar challenge
From: Brian <bmc () snort org>
Date: Tue, 12 Apr 2005 11:42:15 -0400
On Mon, Apr 11, 2005 at 11:49:15PM -0400, Dave Aitel wrote:
I was reading a weblog the other day, where a person complained because Hydrogen (http://www.immunitysec.com/products-hydrogen.shtml) was too hard to write a Snort signature for. I guess my position is that if your network can be owned by less than 100K of code which I wrote in my spare time five years ago, then it's time to upgrade to a system that can't. Anyways, I will give $100 dollars to the first person who posts a snort or nfr signature that can detect my private (slightly modded) version of Hydrogen. (i.e. make it reasonably generic, and let's not have it false-positive every time I browse the web). The idea here is to show that everything doesn't have to be spoon-fed to you Gerber-style.
Does my 30 second grep of your code get me a beer? On a valid tcp session: if (first packet from client 4 bytes in length, store that as A) and if (next packet from client, A bytes in length) and if (first packet form server, 4 bytes in length, store that as B) and if (next packet from server, B bytes in length) Say "Hi dave!" Brian _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The Hydrogen hundred dollar challenge Dave Aitel (Apr 11)
- Re: The Hydrogen hundred dollar challenge Brian (Apr 12)
- Re: The Hydrogen hundred dollar challenge Dave Aitel (Apr 12)
- Re: The Hydrogen hundred dollar challenge Neil (Apr 12)
- Re: The Hydrogen hundred dollar challenge Jason (Apr 12)
- Re: The Hydrogen hundred dollar challenge Dave Aitel (Apr 12)
- Re: The Hydrogen hundred dollar challenge Brian (Apr 12)
- <Possible follow-ups>
- Re: The Hydrogen hundred dollar challenge Ron Gula (Apr 14)