Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: detecting code red

From: Blake Frantz <blake () mc net>
Date: Fri, 20 Jul 2001 16:30:43 -0500 (CDT)

well..

snort may have died...you may be sniffing the wrong
wire...you might have been hit by a modified version of the red code worm
in which case your rule is "wrong".

-Blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Fri, 20 Jul 2001, Souza, Chris wrote:


I saw traces of the code red worm on my IIS logs but didn't see it on my
alert file on snort.
Has anyone expereinced this or would know why?

Thanks
Chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: