Snort mailing list archives

Re: Anyone got a sig for SMB Nimda?


From: Brian <bmc () snort org>
Date: Tue, 2 Oct 2001 09:05:41 -0400

According to Jason Haar:
> If no-one has done it, can someone tell me how to read SMB packets so as to
> write a rule that alerts on any SMB session containing the string
> "readme.exe"?

Robert Graham posted one to FOCUS-IDS a while back.  I've added that
signature and a number of others.  For simplicity, I have attached those
signatures.

> [Shouldn't we start a set of "smb.rules"?]

Already exists.  netbios.rules

-- 
You are a very redundant person, that's what kind of person you are.

Attachment: sigs