Re: NIMDA in Microsoft networks

["Frontgate Lab" <mdiwan () wagweb com>]

 Snort has a nimda worm signature for its ruleset and yes it can see
netbios traffic.

:)


Just remember that if the worm is on the inside of your network , IE on
your own workstations, you wil have to get snort snorting on the inside
lan . I  would suggest a snort for inside and a snort for outside.. they
can be on the same box .. just run different instances with different
snort.conf files.

you can get it at the home page http://www.snort.org

Madhav



Mariusz Woloszyn wrote:
> Hi!
>
> I found that NIMDA worm spreads across microsoft networks monitoring
> network activity and copying itselve to all shares with write access.
>
> Are there any snort to monitor that activity of NIMDA?
>
> --
> Mariusz Wo3oszyn
> Internet Security Specialist, Internet Partners
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users


Note: The information contained in this message may be privileged and confidential and protected from disclosure.  If 
the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this communication in error, please notify us immediately by 
replying to the message and deleting it from your computer.  Thank you.  Wagner Weber & Williams

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users