Snort mailing list archives
RE: [Snort-sigs] Triangle Boy
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Wed, 7 Aug 2002 14:41:41 -0400
All the reports say it's available in Source Code from their site ... but wait a sec ... safeweb.com doesn't seem to be responding ... weird ...

John

-----Original Message-----
From: O'Flynn, Derek [mailto:DOFlyn () lsuhsc edu]
Sent: Tuesday, July 23, 2002 12:40 PM
To: snort-sigs () lists sourceforge net
Subject: RE: [Snort-sigs] Triangle Boy

Triangle Boy spoofs the IP on the returning packet to be the "triangle" client, thereby hiding the safeweb servers. Check out the link John provided; they explain it in detail.

I don't see this as being such a large problem since there is no mass way of downloading the program yet. If it does show up on download.com or even a link on their site, then I would consider it a problem.

I would like to see if there is a signature somewhere. I'm trying to find the executable, at which point I can work on a signature, but as of yet, don't have the executable in hand. If someone has the link to download it, please post it.

Derek

-----Original Message-----
From: John Sage [mailto:jsage () finchhaven com]
Sent: Monday, July 22, 2002 5:22 PM
To: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Triangle Boy

On Mon, Jul 22, 2002 at 11:22:52AM -0700, Florin Andrei wrote:
> http://siliconvalley.internet.com/news/article.php/707911
>
> Anyone has sigs for this nasty little baby?
>
> --
> Florin Andrei
>
> Don't break things that don't need to be broken while you're fixing
> things that really need fixing.
My personal take: this is *almost* as much vaporware as they accuse PeekaBooty of being.. It's certainly a great deal of PR fluff.

While PeekaBooty supposedly works from a "..distributed server cloud.." (in other words, you don't really know *where* a specific set of content is coming from), apparently Triangle Boy works by using "..the SafeWeb server, which returns the requested page directly to the client browser.."

So how are they going to hide the SafeWeb server's IP address, or the IP addresses of their server farm?

Block that, and you've got them by the -- um.. -- you get the idea...

- John
--
"Cowardly refusing to create an empty archive."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs