[Discussion] Just one question

Matt Jonkman jonkman at jonkmans.com
Thu Mar 19 15:22:47 UTC 2009


How do you mean?

In order to hash and have an md5 to compare, the engine would have to
grab and reconstruct the binary. I'm scared of the impact that'd have.

Matt

John Johnson wrote:
> Hey guys,
>
> I'd like to take a sec to go over an idea. It's bad, but what the
> heck. :)
>
> There is a post about a new exec going around on the sigs list. I
> downloaded a copy, yup, not flagged by clamav. Wouldn't it really be
> nice to have a list of md5sum objects that could be a trigger? I don't
> mind if it can't be blocked, but it sure would be nice to say - it
> came from this IP at this time.
>
> John

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
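
The trade-off raised in this thread, as an added example that is not part of the original messages and is not code from any IDS engine: it hashes a transferred file incrementally as segments arrive, buffers only across gaps, and on a watchlist hit reports the source IP and time. The names StreamHasher, feed, finish and demo, the byte offsets standing in for TCP sequence numbers, and the sample payload, IP address and timestamp are all assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

class StreamHasher:
    """MD5 one direction of a flow as segments arrive; buffer only across gaps."""

    def __init__(self, src_ip, watchlist):
        self.src_ip = src_ip
        self.watchlist = watchlist   # set of hex MD5 digests to flag
        self.md5 = hashlib.md5()
        self.next_off = 0            # next in-order byte offset to hash
        self.pending = {}            # offset -> bytes waiting for a gap to fill
        self.peak_buffered = 0       # most bytes ever held: the reassembly cost

    def feed(self, offset, data):
        # Keep the longer copy if the same offset is retransmitted.
        self.pending[offset] = max(self.pending.get(offset, b""), data, key=len)
        for off in sorted(self.pending):
            if off > self.next_off:
                break                # gap: everything later stays buffered
            chunk = self.pending.pop(off)
            tail = chunk[self.next_off - off:]   # drop bytes already hashed
            self.md5.update(tail)
            self.next_off += len(tail)
        held = sum(len(b) for b in self.pending.values())
        self.peak_buffered = max(self.peak_buffered, held)

    def finish(self, seen_at):
        """Return an alert record on a watchlist hit, else None."""
        if self.pending:
            return None              # stream has a hole; digest would be wrong
        digest = self.md5.hexdigest()
        if digest not in self.watchlist:
            return None
        return {"md5": digest, "src_ip": self.src_ip, "time": seen_at.isoformat()}

def demo():
    # Constructed sample: a fake 1000-byte "binary" cut into 100-byte segments.
    payload = bytes(range(250)) * 4
    segs = [(i, payload[i:i + 100]) for i in range(0, 1000, 100)]
    order = [0, 3, 2, 1, 1, 4, 9, 8, 7, 6, 5]   # reordered, one retransmit
    h = StreamHasher("192.0.2.10", {hashlib.md5(payload).hexdigest()})
    for i in order:
        h.feed(*segs[i])
    alert = h.finish(datetime(2009, 1, 1, 12, 0, 0, tzinfo=timezone.utc))
    return alert, h.peak_buffered

if __name__ == "__main__":
    print(demo())
```

The peak_buffered value is the per-flow memory the engine must hold while waiting for missing segments, which is the cost that grows with reordering and with the number of concurrent transfers.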
