lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <409525F8.7491.AAC1E47@localhost>
Date: Sun, 02 May 2004 16:46:48 +0100
From: "Martin Overton" <martin@...chnophiliac.com>
To: bugtraq@...urityfocus.com
Subject: W32/Sasser a and b SNORT Sigs


Hi,

To save my SNORT sigs board going into meltdown, I sm posting my Sasser 
snort sigs here for all interested parties.

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"W32/Sasser.worm.a 
[NAI])"; content:"|BC 3B 74 0B 50 8B 3D E8 46 A7 3D 09 85 B8 F8 CD 76 40 
DE 7C 5B 5C D7 2A A8 E8 58 75 62 96 25 24|"; classtype:misc-
activity;rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"W32/Sasser.worm.b 
[NAI])"; content:"|58 BC 0C FF 59 57 32 31 BD EC 34 64 6E D6 E3 8D 65 04 
68 58 62 79 DF D8 2C 25 6A B5 28 BA 13 74|"; classtype:misc-
activity;rev:1;)

Regards,
Martin Overton
-- 
Anti-Malware Specialist - WildList Reporter - AVIEN Charter member
Electronic Ephemera - Hoax FAQ http://arachnophiliac.com/hoax
Arachnid and Snake Wrangler - http://arachnophiliac.com/burrow/home.htm
PGP key - http://arachnid.homeip.net/papers/other/MartinOverton.asc
QFTD='Never could any increase of comfort or security be a sufficient good 
to be bought at the price of liberty.' - Hilaire Belloc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ