Full Disclosure mailing list archives
Re: Snort and SourceFire Compromised
From: Brian <bmc () snort org>
Date: Sun, 21 Sep 2003 05:08:15 -0400
On Sat, Sep 20, 2003 at 10:46:14PM -0700, joeypork () hushmail com wrote:
Hey, has anyone else seen this: http://www.phrack.nl/phrack62/p62-0x0d.txt It looks like the PHC folks are at it again, the above is an article on "sneeze", a new script that will generate traffic to trigger on every snort rule. Also, appended to the end of the article is the home dirs of everyone at Sourcefire/Snort. You can see what is in Marty's directory, etc. Go check it out.
Yes, this was a LONG time ago. Note that ALL of the date timestamps are dashed out. Gee, I wonder why. As well as normal incident response, the entire snort team did a major audit of snort at that time for anything injected. BTW, for those of you wanting the original sneeze, its still available online at http://snort.sourceforge.net/sneeze-1.0.tar -brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Snort and SourceFire Compromised joeypork (Sep 21)
- Re: Snort and SourceFire Compromised V.O. (Sep 21)
- Re: Snort and SourceFire Compromised Brian (Sep 21)
- Re: Snort and SourceFire Compromised Larry Vaden (Sep 21)