Ethereal-users: Re: [Ethereal-users] Repository for capture filters?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stef <stefmit@xxxxxxxxx>
Date: Wed, 17 Nov 2004 19:09:31 -0600
Then why not "translating" these - first - into filters, as much as possible:
http://www.bleedingsnort.com/
and
http://www.snort.org/snort-db/

Stef

P.S. I may be the only one thinking this way - but I have installed
snort (which is - in fact - yet another sniffer, basically, the way
Marty started it) on the same iBook as ethereal, and using them as
appropriate ...


On Wed, 17 Nov 2004 11:58:47 -0800, Roger Smith <rogers@xxxxxxxx> wrote:
> I asked this question awhile back but got little, if any, response.
> 
> I think it would be good to have a location (in the FAQ?) to keep helpful
> capture filters for various exploits.  I have two from a while back.
> 
> Welchia:
> icmp[icmptype]==icmp-echo and ip[2:2]==92 and icmp[8:4]==0xAAAAAAAA
> 
> Blaster:
> dst port 135 and tcp port 135 and ip[2:2]==48
> 
> As more experienced Ethereal users write elegant filters for an exploit, it
> would be good to have a specific location where other users could go to get
> them and help clean their networks.
> 
> Thanks!
> 
> Roger Smith                       | Opinions are my own.
> Application Manager               | Reunited Adoptee
> Tulare County Office of Education | Owner of CA Adoptees Mailing List
> 559-733-6027   FAX 559-625-9581   | Moderator of soc.adoption.adoptees
>
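
Added example (not part of the original thread): the two capture filters quoted above, evaluated field by field in Python to show which header bytes they test. `ip[2:2]` is the IPv4 total-length field, byte 0 of the ICMP header is the type, and `icmp[8:4]` is the first four payload bytes after the 8-byte ICMP header. The packets, addresses and function names are constructed for illustration.

```python
import struct

def ipv4(proto, l4):
    """Constructed sample packet: 20-byte IPv4 header (checksum left at 0) + l4."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                       0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + l4

def icmp_echo(payload):
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload   # type 8 = echo request

def tcp_syn(dport):
    # 20-byte TCP header, data offset 7 words (28 bytes), SYN flag, 8 option bytes
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 0, 0x7002, 8192, 0, 0) + bytes(8)

def parse(pkt):
    """Return (protocol, ip_total_length, layer4_bytes), or None when the packet
    is not IPv4 or is a non-first fragment (no layer-4 header to index)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                    # header length, honours IP options
    total_len, _ident, frag = struct.unpack_from("!HHH", pkt, 2)  # ip[2:2] = total_len
    if ihl < 20 or len(pkt) < ihl or frag & 0x1FFF:
        return None
    return pkt[9], total_len, pkt[ihl:]

def matches_welchia(pkt):
    """ICMP echo request and ip[2:2]==92 and icmp[8:4]==0xAAAAAAAA."""
    p = parse(pkt)
    return bool(p) and p[0] == 1 and len(p[2]) >= 12 and p[2][0] == 8 \
        and p[1] == 92 and p[2][8:12] == b"\xaa" * 4

def matches_blaster(pkt):
    """TCP with destination port 135 and ip[2:2]==48."""
    p = parse(pkt)
    return bool(p) and p[0] == 6 and len(p[2]) >= 4 and p[1] == 48 \
        and struct.unpack_from("!H", p[2], 2)[0] == 135

SAMPLES = {  # all constructed
    "echo, 64 x 0xAA": ipv4(1, icmp_echo(b"\xaa" * 64)),   # 20 + 8 + 64 = 92
    "echo, 56 x 'a'":  ipv4(1, icmp_echo(b"a" * 56)),      # 20 + 8 + 56 = 84
    "SYN to 135":      ipv4(6, tcp_syn(135)),              # 20 + 28 = 48
    "SYN to 445":      ipv4(6, tcp_syn(445)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} welchia={matches_welchia(pkt)} blaster={matches_blaster(pkt)}")
```

Both filters key on an exact IP total length, so they match one packet shape only; traffic with a different payload size or option layout passes unmatched.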