lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: akloster at spp.org (Alan Kloster) Subject: Snorting Nachi FYI, Nachi worm ICMP attempts are showing up on Snort as ICMP PING CyberKit 2.2 Windows alerts with a datagram length of 92: alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING CyberKit 2.2 Windows"; content:"|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|"; itype:8; depth:32; reference:arachnids,154; classtype:misc-activity; sid:483; rev:2;) (from icmp.rules) Alan Kloster