Snort mailing list archives
RES: detecting code red
From: "Marcus Rocha" <mvrocha () brfree com br>
Date: Sat, 21 Jul 2001 09:54:00 -0300
Some of the CR scans I've received were caught by other rules. Maybe you should check the payloads of other snort alerts and look for the CR signature.

Regards,
Marcus
well.. snort may have died...you may be sniffing the wrong wire...you might have been hit by a modified version of the red code worm in which case your rule is "wrong".

-Blake

=================================================================
The Government, like diapers, should be replaced regularly, and often for the same reasons.

On Fri, 20 Jul 2001, Souza, Chris wrote:

I saw traces of the code red worm on my IIS logs but didn't see it on my alert file on snort. Has anyone experienced this or would know why?

Thanks
Chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- detecting code red Souza, Chris (Jul 20)
- Re: detecting code red Ryan Russell (Jul 20)
- Re: detecting code red Blake Frantz (Jul 20)
- RES: detecting code red Marcus Rocha (Jul 21)
