On Fri, Jan 23, 2004 at 07:32:31AM -0500, Jim Hendrick wrote:
> To answer your question however, there are very few "normal" programs that
> would send "43ffffff0000000004120" as opposed to "GET / HTTP/1.0".
Where do you draw the line then ? Dozens of plugins send very peculiar
packets (SSL negociations, terminal services recognition, and so on...).
Some of the packets sent are intentionally broken (ie: you're not more
likely to see them on a network than you're likely to see the bagle
probe command), so any virus could "trigger" on them instead.
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
