Snort mailing list archives
Re: Snort-sigs Digest, Vol 113, Issue 19
From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Tue, 27 Oct 2015 15:51:03 -0400
If you have a pcap, Austin, I'd love to take a look.

Thanks,
Alex McDonnell
TALOS
Message: 3
Date: Tue, 27 Oct 2015 19:07:57 +0000
From: "Hummert, Austin" <Austin.Hummert () adm com>
Subject: [Snort-sigs] question
To: "snort-sigs () lists sourceforge net" <snort-sigs () lists sourceforge net>
Message-ID: <17339606afd3401fbe7b718adef5cc3c () LDCEX13MB5 na admworld com>
Content-Type: text/plain; charset="us-ascii"

Hello all,

I have a question on a rule that's been firing in my environment:

OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (3:36222)

I understand the concept of trufflehunter rules, but I'm wondering how other people are handling these. The packets triggering this rule appear to be legitimate outbound traffic, and the destination does not appear to be blacklisted in any way. The problem is I don't know exactly what the rule is looking for, so it makes it difficult to verify the traffic itself.

Any thoughts on trufflehunter?

Thanks,
Austin
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!