Snort mailing list archives

Nimda 1287 rule


From: "Henderson Rachel (ITCS) s045" <Rachel.Henderson () uea ac uk>
Date: Wed, 21 Apr 2004 10:13:51 +0100

We're trying Snort rules within Inmon and starting with a small rule set to
try to pick up infected machines on our network.  We've got a set for Nimda,
Sobig & Welchia & keep getting the 1287 event triggered, but the machines
when checked aren't infected.  Is the rule not meant to be adapted in this
way?

Rachel
University of East Anglia,
Norwich
UK




