Hosting Provided By

[Snort-devel] Re: [Full-Disclosure] Snort and SourceFire Compromised

From: Brian <bmc(at)snort.org>
Date: Sun Sep 21 2003 - 05:08:15 EDT

On Sat, Sep 20, 2003 at 10:46:14PM -0700, joeypork@hushmail.com wrote:
> Hey, has anyone else seen this:
>
> http://www.phrack.nl/phrack62/p62-0x0d.txt
>
> It looks like the PHC folks are at it again, the above is an article
> on "sneeze", a new script that will generate traffic to trigger on every
> snort rule.
>
> Also, appended to the end of the article is the home dirs of everyone
> at Sourcefire/Snort. You can see what is in Marty's directory, etc. Go
> check it out.

Yes, this was a LONG time ago. Note that ALL of the date timestamps are dashed out. Gee, I wonder why. As well as normal incident response, the entire snort team did a major audit of snort at that time for anything injected.

BTW, for those of you wanting the original sneeze, its still available online at http://snort.sourceforge.net/sneeze-1.0.tar

-brian

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Sun Sep 21 05:21:29 2003

This message: [ Message body ]
Next message: Brian: "[Snort-devel] Re: Snort and SourceFire "Backdoored""
Previous message: Ravi Kumar: "[Snort-devel] tool test IDS"
In reply to: joeypork(at)hushmail.com: "[Snort-devel] Snort and SourceFire Compromised"
Reply: joeypork(at)hushmail.com: "[Snort-devel] Snort and SourceFire "Backdoored""

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:09 EDT