Snort mailing list archives
Re: detecting code red
From: Blake Frantz <blake () mc net>
Date: Fri, 20 Jul 2001 16:30:43 -0500 (CDT)
well.. snort may have died...you may be sniffing the wrong wire...you might have been hit by a modified version of the red code worm in which case your rule is "wrong". -Blake ================================================================= The Government, like diapers, should be replaced regularly, and often for the same reasons. On Fri, 20 Jul 2001, Souza, Chris wrote:
I saw traces of the code red worm on my IIS logs but didn't see it on my alert file on snort. Has anyone expereinced this or would know why? Thanks Chris _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- detecting code red Souza, Chris (Jul 20)
- Re: detecting code red Ryan Russell (Jul 20)
- Re: detecting code red Blake Frantz (Jul 20)
- RES: detecting code red Marcus Rocha (Jul 21)