Snort mailing list archives

RE: Re: hmm...nimda RICHED20.DLL alarms


From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Tue, 22 Jan 2002 09:21:13 -0600

Then the best way is to create a BPF filter so that your sensor only detects attacks coming from the outside.
Something like

snort blah blah blah ...... src net 192.168.0.0/24

I'm sure there but am not in front of my sensor now.

-> -----Original Message-----
-> From: Ryan Drogo [mailto:rydrogo () ucsd edu]
-> Sent: Tuesday, January 22, 2002 8:54 AM
-> To: snort-users () lists sourceforge net
-> Subject: [Snort-users] Re: hmm...nimda RICHED20.DLL alarms
-> 
-> 
-> I've seen this also, and it seems to be happening
-> whenever users log on to a win2k domain. The file is
-> coming from some deep subdirectory of the users' 
-> profile directory, as some part of the Office 2000 settings.
-> I'm not sure why this file gets moved, but it does. Hope
-> that helps somewhat.
-> 
-> Ryan Drogo
-> System Administrator
-> UCSD Bioengineering
-> -------------------------------------------------------
-> It is not enough to have a good mind;
-> the main thing is to apply it well.
->   -- René Descartes
-> -------------------------------------------------------
-> 
-> _______________________________________________
-> Snort-users mailing list
-> Snort-users () lists sourceforge net
-> Go to this URL to change user options or unsubscribe:
-> https://lists.sourceforge.net/lists/listinfo/snort-users
-> Snort-users list archive:
-> http://www.geocrawler.com/redir-sf.php3?list=ort-users
-> 
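
As an added illustration (not part of the original message, and not Snort or libpcap code), the Python below models the `src net` / `dst net` primitives of a BPF expression over three constructed packets, to show which traffic a given filter leaves for the sensor. The packet addresses and helper names are assumptions; 192.168.0.0/24 is the network from the message.

```python
import ipaddress

# Constructed sample packets: (source IP, destination IP, note)
PACKETS = [
    ("192.168.0.15", "192.168.0.2", "internal client to internal server"),
    ("192.168.0.15", "203.0.113.9", "internal client to outside host"),
    ("198.51.100.7", "192.168.0.2", "outside host to internal server"),
]

def _primitive(tokens, src, dst):
    """Evaluate one '[not] (src|dst) net CIDR' primitive, consuming its tokens."""
    negate = bool(tokens) and tokens[0] == "not"
    if negate:
        tokens.pop(0)
    if len(tokens) < 3:
        raise ValueError("incomplete primitive")
    direction, keyword, cidr = tokens.pop(0), tokens.pop(0), tokens.pop(0)
    if direction not in ("src", "dst") or keyword != "net":
        raise ValueError("only '[not] src|dst net CIDR' is modelled here")
    addr = ipaddress.ip_address(src if direction == "src" else dst)
    hit = addr in ipaddress.ip_network(cidr)
    return hit != negate  # 'not' inverts the match

def matches(expr, src, dst):
    """pcap-filter gives 'and' and 'or' equal precedence, associating left to right."""
    tokens = expr.split()
    result = _primitive(tokens, src, dst)
    while tokens:
        op = tokens.pop(0)
        rhs = _primitive(tokens, src, dst)
        if op == "and":
            result = result and rhs
        elif op == "or":
            result = result or rhs
        else:
            raise ValueError("expected 'and' or 'or', got %r" % op)
    return result

def seen_by_sensor(expr):
    """Notes of the constructed packets that the filter passes to the sensor."""
    return [note for src, dst, note in PACKETS if matches(expr, src, dst)]

if __name__ == "__main__":
    for expr in ("src net 192.168.0.0/24",
                 "not src net 192.168.0.0/24",
                 "not src net 192.168.0.0/24 and dst net 192.168.0.0/24"):
        print("%-55s -> %s" % (expr, seen_by_sensor(expr)))
```
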


