Snort mailing list archives

Snort doesn't detect W32/Opaserv.worm attack

From: jo cam <jo.cam () caramail com>
Date: Tue, 26 Nov 2002 08:31:24 GMT+1

Hi,

A variant of this worm (INSTIT.BAT) was discovered
recently. On NAI AVERT web page, they give infection mode.
The worm use NetBIOS for NT traffic (UDP port 137).

The default netbios.rules check NetBIOS traffic (TCP
port 139). Could anyone have rules to detect the activity
of this worm ?

I use MDK 8.2 (kernel 2.4.18) and snort 1.8.4.

Regards,

JO

_________________________________________________________
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35 Hors coût du SMS)

Current thread:

Snort doesn't detect W32/Opaserv.worm attack jo cam (Nov 26)
- Re: Snort doesn't detect W32/Opaserv.worm attack Scott Nursten (Nov 26)