Looking for a site that examines current/known viruses, and discusses or details the way they'll look on a sniffer. Frame sizes, payload of frames, and TCP/UDP port numbers. Does anyone know of a site like this?
Most of the AV software sites are written from the perspective of the PC, not from the network. I'm looking to isolate/quarantine users by examining traffic patterns.
Thanks in advance.
Virus Questions Networking Perspective
- noel
- Super Poster!
- Posts: 10003
- Joined: August 22, 2002, 1:34 am
- Gender: Male
- Location: Calabasas, CA
Oh, my God; I care so little, I almost passed out.
- Syenye Squirrellyelf
- Gets Around
- Posts: 139
- Joined: September 5, 2002, 6:11 pm
Not sure what you're looking for, but you can look at the Snort rules. Their format is pretty simple and gives a lot of information, including port and payload content.
http://www.snort.org
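As an added illustration of the rule format mentioned above (not part of the thread and not Snort's own code), this Python parser pulls the protocol, ports and payload bytes out of a rule and checks a captured payload against them. The sample rule, its sid and the payloads are constructed; content modifiers, variables and port lists are ignored as a stated simplification.

```python
import re

# Rule header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$', re.S)
# One option: keyword, then optionally ":" and a value; a quoted string may contain ';'
OPTION = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def decode_content(value):
    """Turn a content value such as "JOIN |0d 0a|" into (negated, bytes to look for)."""
    negated = value.startswith("!")
    text = value.lstrip("!").strip()[1:-1]          # drop the surrounding quotes
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        if i % 2:                                   # between pipes: hex bytes
            out += bytes.fromhex(part)
        else:                                       # literal text, backslash escapes removed
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return negated, bytes(out)

def parse_rule(line):
    """Return the fields a sniffer user cares about: protocol, ports, payload content."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    rule = {"action": action, "proto": proto, "src": src, "src_port": sport,
            "direction": direction, "dst": dst, "dst_port": dport,
            "msg": None, "sid": None, "contents": []}
    for key, value in OPTION.findall(body):
        value = value.strip()
        if key == "content":
            rule["contents"].append(decode_content(value))
        elif key == "msg":
            rule["msg"] = value[1:-1]
        elif key == "sid":
            rule["sid"] = int(value)
    return rule

def payload_matches(rule, proto, dst_port, payload):
    """Simplified check: protocol, a single destination port, and every content test."""
    if rule["proto"] != proto or rule["dst_port"] not in ("any", str(dst_port)):
        return False
    return all((needle in payload) != negated for negated, needle in rule["contents"])

# Constructed sample rule (not a real signature; sid is in the local-rule range).
SAMPLE = ('alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 '
          '(msg:"EXAMPLE constructed rule, not a real signature"; '
          'flow:to_server,established; content:"JOIN #example|0d 0a|"; '
          'content:!"benign"; sid:1000001; rev:1;)')
```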
- Arborealus
- Way too much time!
- Posts: 3417
- Joined: September 21, 2002, 5:36 am
I always start with http://www.incidents.org, an excellent overview of current trends and projections. And drills each incident to as much detail as any sys admin/network admin could desire. Includes ports of concern and unique packets for most known viruses, trojans, etc.