Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Antwort: The new Code Alert

From: ks () schuricht de
Date: Tue, 7 Aug 2001 09:10:33 +0200

Hi Anthony,


It seems the code alert 2 becomes crasy here
(Los angeles) I keep receiving 1 alert / 2 minutes
of a new attack. (web dir, web command attempt.)


In Bremen/Germany the same :) The logfile from yesterday is about
4.7 MB of size...in the meantime our firewalls have blocked traffic
from round about 1800 hosts that seems to be infected...

Hope we can stop this 'tcpspam' :)

Best regards,
  Kai.

--
Abt. eBusiness / Entwicklung
D. Schuricht GmbH & Co. KG
http://www.schuricht.de



                                                                                                              
                    Anthony Geoffron                                                                          
                    <anthonyg () passinglane com>           An:     "'snort-users () lists sourceforge net'"        
                    Gesendet von:                        <snort-users () lists sourceforge net>                  
                    snort-users-admin@lists.sourc        Kopie:                                               
                    eforge.net                           Thema:  [Snort-users] The new Code Alert             
                                                                                                              
                                                                                                              
                    06.08.01 23:27                                                                            
                                                                                                              
                                                                                                              




It seems the code alert 2 becomes crasy here
(Los angeles) I keep receiving 1 alert / 2 minutes
of a new attack. (web dir, web command attempt.)





-----Original Message-----
From: Migus, Adam [mailto:Adam_Migus () NAI com]
Sent: Monday, August 06, 2001 1:38 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Definitive Code Red rule


Ok so there's a thousand emails going around about the Code Red Worm.  So
what is the definitive rule/signature for snort 1.7 and 1.8 that people are
using?

Adam

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: