Snort mailing list archives
RE: Wrong rule's signature for "MS-SQL Worm propagation attempt"
From: "Joshua Berry" <jberry () PENSON COM>
Date: Wed, 28 Jul 2004 08:55:54 -0500
I believe this is a known problem of a previous version of Snort, what version are you running? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Phong Nguyen Sent: Wednesday, July 28, 2004 8:09 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Wrong rule's signature for "MS-SQL Worm propagation attempt" Hello all, I'm facing a problem that I cannot resolved by myself. My snort is detecting "MS-SQL Worm propagation attempt" alerts but wich are in fact "ICMP Source Quench" alerts !!! I'm sure of that because when I look to the alert, it shows me a ICMP request (type 4). Because my firewall is blocking IP address when a "MS-SQL Worm propagation attempt" alert is detected, so are some IP address wrongly blocked when they sent ICMP Source Quench !! Could somebody help me please Thanks a lot Phong -- Nguyen Phong Axone Services & Developments 2 crs de Rive 1204 GE/CH ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Wrong rule's signature for "MS-SQL Worm propagation attempt" Phong Nguyen (Jul 28)
- <Possible follow-ups>
- RE: Wrong rule's signature for "MS-SQL Worm propagation attempt" Joshua Berry (Jul 28)