[olug] ShellShock packet capture

Justin Reiners justin at hotlinesinc.com
Mon Sep 29 23:35:06 CDT 2014


Barracuda NG Firewalls started blocking Shellshock automagically the day of
the news release with an IPS update. I started receiving alerts out of the
blue from my edge equipment, glad IPS is able to see things like that. So I
can slowly roll updates throughout my infrastructure of 200+ CentOS
boxes... I haven't been capturing them, but may start aging them off later.

On Mon, Sep 29, 2014 at 7:33 PM, Aric Aasgaard <aric at omahax.com> wrote:

> Are any of you running Snort or a similar IDS that saves alert packets?  I
> have had the shell code rules on.  You would think that if this exploit was
> used in the past it would show up in IDS logs.  It would be interesting to
> see if it was used and who by before it was discovered.  I would think any
> place of high security would have seen it very quickly.


