![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Anyone got a sig for SMB Nimda?
From: Brian <bmc () snort org>
Date: Tue, 2 Oct 2001 09:05:41 -0400
According to Jason Haar:
If no-one has done it, can someone tell me how to read SMB packets so as to write a rule that alerts on any SMB session containing the string "readme.exe"?
Robert Graham posted one to FOCUS-IDS a while back. I've added that signature and a number of others. For simplicity, I have attached those signatures.
[Shouldn't we start a set of "smb.rules"?]
Already exists. netbios.rules -- You are a very redundant person, that's what kind of person you are.
Attachment:
sigs
Description:
Current thread:
- Anyone got a sig for SMB Nimda? Jason Haar (Oct 01)
- couple questions Ilya (Oct 01)
- Re: Anyone got a sig for SMB Nimda? Brian (Oct 02)