
Virus Questions Networking Perspective

Posted: April 21, 2004, 6:22 pm
by noel
Looking for a site that examines current/known viruses, and discusses or details the way they'll look on a sniffer. Frame sizes, payload of frames, and TCP/UDP port numbers. Does anyone know of a site like this?

Most of the AV software sites are written from the perspective of the PC, not from the network. I'm looking to isolate/quarantine users by examining traffic patterns.

Thanks in advance.

Posted: April 21, 2004, 9:05 pm
by Syenye Squirrellyelf
Not sure what you're looking for, but you can look at the Snort rules. Their format is pretty simple and gives a lot of information, including port and payload content.

http://www.snort.org
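The port and payload information mentioned in the reply above can be pulled out of a rule programmatically. This is an added example, not part of the original post or of the Snort project: a small parser for single-line Snort 2.x style rules, run on a constructed rule (`SAMPLE_RULE`, all function names and the sample values are assumptions made for illustration).

```python
import re

# Constructed sample in Snort 2.x rule syntax; not a real signature.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"CONSTRUCTED example"; '
    'flow:to_server,established; content:"|90 90 90 90|EXAMPLE"; '
    'content:!"probe\\;v1"; nocase; dsize:>100; sid:1000001; rev:1;)'
)
HEADER_RE = re.compile(
    r'^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

def split_options(body):
    """Split on ';' but not inside quotes or after a backslash escape."""
    opts, cur, in_quote, escaped = [], '', False, False
    for ch in body + ';':          # sentinel flushes a final unterminated option
        if ch == ';' and not in_quote and not escaped:
            opts.append(cur.strip())
            cur = ''
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == '\\' and not escaped)
        cur += ch
    return [o for o in opts if o]

def decode_content(pattern):
    """Decode a content pattern: literal text outside |..|, hex bytes inside."""
    out = bytearray()
    for i, part in enumerate(pattern.split('|')):
        out += (bytes.fromhex(part) if i % 2      # odd segments are hex runs
                else re.sub(r'\\(.)', r'\1', part).encode('latin-1'))
    return bytes(out)

def parse_rule(rule):
    """Return header fields, decoded content patterns and remaining options."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError('not a single-line Snort 2.x style rule')
    info = m.groupdict()
    info['contents'], info['options'] = [], {}
    for opt in split_options(info.pop('opts')):
        key, _, val = (s.strip() for s in opt.partition(':'))
        if key == 'content':       # a leading '!' negates the match
            body = val.lstrip('!').strip()[1:-1]
            info['contents'].append((val.startswith('!'), decode_content(body)))
        else:
            info['options'][key] = val.strip('"')
    return info
```

Rules whose address fields are bracketed lists containing spaces, or that span several lines with backslash continuations, are outside what this header pattern accepts.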

Posted: April 22, 2004, 9:21 am
by Arborealus
I always start with http://www.incidents.org: an excellent overview of current trends and projections. It drills into each incident in as much detail as any sys admin/network admin could desire. It includes ports of concern and unique packets for most known viruses, trojans, etc.