From: Brian Caswell (bmcmitre.org)
Date: Thu Jun 21 2001 - 13:56:17 CDT

    George Yobst wrote:
    > I was just reading this article about how Gibson Research
    > was knocked off the net ( http://grc.com/dos/grcdos.htm ).
    > Near the end of the article was a section on detecting these
    > bots. As a new snort user, I can probably RTM and create
    > some rules that create an alert for ports 6667 and 113,
    > but how do I test it? -George

    heh.

    oooooh a spy bot. WOW!!! You could write your own spy bot in some
    super leet language like TCL or something. Mad leet yo.

    Then you too can *STOP* those *EVIL* hackers!!!!

    Am I the only person that is tired of hearing about how Steve Gibson
    is the greatest anti-hacker in the world?

    alert tcp any any -> any 6667 (msg:"Evil HACKERS!!! stop the evil HACKERS!!!";)
    alert udp any any -> any 666 (msg:"We are under *ATTACK* by UDP PACKETS!!!";)
    alert icmp any any -> any any (msg:"DoS!!! DoS!!! We are under attack by DoS!!!";)

    -brian

    .ps This is personal opinion only. I'm talking on the behalf of
    myself and myself only.
