nimda

["Olensky, Sven" <sol () intelispan net>]

check this out http://208.193.197.48/ <http://208.193.197.48/> 
 
thats one of the source IPs. opens a second window, offers readme.exe as
download.
 
jesus.

-----Original Message-----
From: snortlst snortlst [mailto:snortlst () hotmail com]
Sent: Tuesday, September 18, 2001 12:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] General info


I couldn't find the explanation for pretty simple questions on the snort
site, so maybe you can clarify this:
1. When you compare traffic to the rules what are the options - alerts are
sent to syslog or database, or file,that's o.k., but can you for example
drop connection if it conflicts with snort rules?What else can you do to
malicious conenctions?
2.I don't think mysql is an option for me, is ACID simplier to confiure than
mysql?
3. Can I generate HTML reports if I log to ACID?