Why dont you build a snort signature for it first (what bleeding or VRT dont have one yet???)? Seeing how you guys run snort on your network ;)
Because I'll catch the kiddies when they try and actually use Metasploit on something, and then they'll get expelled from school after a student conduct hearing.
So chalk it up guys, they use snort and McAfee, care to tell us your firewall types? Maybe an admin pw or something?
Intersting point about using list comments for recon .. but we're a state institution, so you could legally get copies of all our purchase orders, bids, etc .. and figure out where we buy lightbulbs, drain cleaner, or firewalls for that matter.
Cheers, Michael Holstein CISSP GCIA Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
