[Emerging-Sigs] [Spam] Re: Rule 2014267

Lay, James james.lay at wincofoods.com
Mon Oct 24 14:05:33 EDT 2011


> -----Original Message-----
> From: Martin Holste [mailto:mcholste at gmail.com]
> Sent: Monday, October 24, 2011 11:07 AM
> To: Matthew Jonkman
> Cc: Lay, James; emerging-sigs at emergingthreats.net
> Subject: [Spam] Re: [Emerging-Sigs] Rule 2014267
> Importance: Low
> 
> I second not running SHELLCODE on your primary "alert" instance if it is
> high-traffic.  You should run sigs like this (and I would say SCAN as well),
> but on a "secondary" instance that provides supplemental data to your more
> actionable alerts.


Excellent...thanks gents.

James

