See http://honeynet.org/node/388 for snort signatures for .a and .b
variants.
- d.
On Tue, 31 Mar 2009, Steven Fischer wrote:
Is anyone aware of any network-based signatures that could be used to
identify and tag IP traffic, for dropping at the ingress/egress points?
On Tue, Mar 31, 2009 at 9:41 AM, JoeSox <joe...@gmail.com> wrote:
I am uncertain also. I scan a subnet on my network with Axence
NetTools looking for 445 port and I receive some hits. I perform a
netstat -a some of those results but don't really see any 445
activity. The SCS script doesn't find anything either. The PCs are
patched and virusscan updated. One PC when I connected to it did not
navigate to Windowsupdate website. I scheduled a Full McAfee scan as
their documentation suggests
(
http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf
),
and sometime through the scan I was able to reach windowsupdate. I
don't know if it was a coincidence or not that I was not able to reach
the website. I haven't looked into the registry and any other places
for evidence of conficker. I will probably today but I am afraid it
maybe a waste of time since they are already patched and updated.
--
Joe
On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski <eric-l...@truenet.com>
wrote:
> Joe,
Here's the link for the Python Crypto toolkit:
http://www.amk.ca/python/code/crypto.html
I scanned our internal network and didn't find anything, so I can't
really
vouch for it's reliablity though.
--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
----------------------------------------------------------------------------
http://www.dominiceidson.com/
