Why don't you build a snort signature for it first (what bleeding or VRT don't have one yet???)? Seeing how you guys run snort on your network ;)
So chalk it up guys, they use snort and McAfee, care to tell us your firewall types? Maybe an admin pw or something?

Dre

On 12/9/05, Michael Holstein <[EMAIL PROTECTED]> wrote:
> > If any of you can name any big network which is using Snort as an
> > example, it will be very helpful.
>
> /16 on a DS-3 here. Snort on a p4 3.2ghz box, with a fairly large
> ruleset (not the whole thing, but all the VRT ones, plus a bunch of
> bleeding ones, plus a bunch of overrides).
>
> I have it configured to automatically shutdown infected ports (not
> something it does natively .. a lot of Perl + MySQL + pixie dust).
>
> Rock solid. Thanks Marty :)
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University

On 12/9/05, Michael Holstein <[EMAIL PROTECTED]> wrote:
> > Looks like some overzealous idiot at McAfee added "Trojan" signatures for
> > 202 files in the latest version of the Metasploit Framework. If you use
> > the Framework for your job and have a McAfee support contract, *please*
> > call them and let them know that their product is incorrectly tagging a
> > standard security tool as a "Trojan" and that this is interfering with
> > your ability to conduct business.
>
> A gun is a legitimate tool too .. except when it's in criminal hands.
>
> McAfee (and any other A/V product) let you configure exceptions/overrides.
>
> In my enterprise environment (McAfee, BTW), I would *want* copies of
> Metasploit yanked automatically from a PC.
>
> My $0.02
>
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
