Snort mailing list archives
RE: Latest libpcap & tcpdump sources from tcpdump.o rg contain a trojan.
From: Christopher Lyon <cslyon () netsvcs com>
Date: Wed, 13 Nov 2002 11:49:51 -0800
Here is a discussion page from Slashdot. Most of you probably have it already but here is it anyway. http://slashdot.org/articles/02/11/13/1255243.shtml?tid=172 According to the source code posted it should be an easy rule on Snort to see if you are detected. Maybe something like this: alert tcp any any -> 212.146.0.34 1963 (msg:"Libpcap0.7.1 Trojan" I haven't seen it yet but maybe some one else has. -----Original Message----- From: Freeman, Wayne [mailto:Wayne.Freeman () aspentech com] Sent: Wednesday, November 13, 2002 11:13 AM To: 'hackerwacker' Cc: 'snort-users () lists sourceforge net' Subject: RE: [Snort-users] Latest libpcap & tcpdump sources from tcpdump.o rg contain a trojan. Has anyone been able to locate a secondary verification of this identified trojan code in these programs from another source (securitytracker, CERT, AV, anywhere? -----Original Message----- From: hackerwacker [mailto:hackerwacker () cybermesa com] Sent: Wednesday, November 13, 2002 11:27 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Latest libpcap & tcpdump sources from tcpdump.org contain a trojan. http://hlug.fscker.com/ ------------------------------------------------------- This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Latest libpcap & tcpdump sources from tcpdump.o rg contain a trojan. Christopher Lyon (Nov 13)
- Re: Latest libpcap & tcpdump sources from tcpdump.o rg contain a trojan. hackerwacker (Nov 13)