[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Snort and SourceFire Compromised

To: joeypork@xxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Snort and SourceFire Compromised
From: Brian <bmc@xxxxxxxxx>
Date: Sun, 21 Sep 2003 05:08:15 -0400

On Sat, Sep 20, 2003 at 10:46:14PM -0700, joeypork@xxxxxxxxxxxx wrote:
> Hey, has anyone else seen this:
> 
> http://www.phrack.nl/phrack62/p62-0x0d.txt
> 
> It looks like the PHC folks are at it again, the above is an article
> on "sneeze", a new script that will generate traffic to trigger on every
> snort rule. 
> 
> Also, appended to the end of the article is the home dirs of everyone
> at Sourcefire/Snort. You can see what is in Marty's directory, etc. Go
> check it out. 

Yes, this was a LONG time ago.  Note that ALL of the date timestamps are 
dashed out.  Gee, I wonder why.  As well as normal incident response,
the entire snort team did a major audit of snort at that time for anything 
injected.

BTW, for those of you wanting the original sneeze, its still available 
online at http://snort.sourceforge.net/sneeze-1.0.tar 

-brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Snort and SourceFire Compromised
  - From: Larry Vaden

References:
- [Full-Disclosure] Snort and SourceFire Compromised
  - From: joeypork

Prev by Date: Re: [Full-Disclosure] Snort and SourceFire Compromised
Next by Date: [Full-Disclosure] Re: idea
Previous by thread: Re: [Full-Disclosure] Snort and SourceFire Compromised
Next by thread: Re: [Full-Disclosure] Snort and SourceFire Compromised
Index(es):
- Date
- Thread