[Emerging-Sigs] [Spam] Re: Rule 2014267

Lay, James james.lay at wincofoods.com
Mon Oct 24 14:05:33 EDT 2011

> -----Original Message-----
> From: Martin Holste [mailto:mcholste at gmail.com]
> Sent: Monday, October 24, 2011 11:07 AM
> To: Matthew Jonkman
> Cc: Lay, James; emerging-sigs at emergingthreats.net
> Subject: [Spam] Re: [Emerging-Sigs] Rule 2014267
> Importance: Low
> I second not running SHELLCODE on your primary "alert" instance if it
> high-traffic.  You should run sigs like this (and I would say SCAN as
> but on a "secondary" instance that provides supplemental data to your
> actionable alerts.

Excellent...thanks gents.


More information about the Emerging-sigs mailing list