Snort mailing list archives
Re: Virus - Possible scr Worm
From: Alberto Gonzalez <electron () wwjh net>
Date: Tue, 11 Mar 2003 09:04:47 -0500 (EST)
hi
{ sigh.. }
while retreiving my mails from my pop server I got this alert in ACID I looked at the data payload, it had one .scr file. So it means it was I virus ? Does this .scr extension relates to a virus ?
What rule triggered the alert? Do you have a packet dump? We can't determine _anything_ from your post. You have to be more specific. Also, you _wont_ learn anything by posting every single question you have, as stated by Erek Adams, snort has extensive documentation. If you don't understand what the alerts are, there are plenty of books that cover intrusion detection systems. "Intrusion Detection: An Analyst's Handbook" 3rd edition has quite a few chapters on snort. This will help you in your journery... Don't you think its time you crossed the street without someone holding your hand?
Regards, Bishan
Cheers! Alberto Gonzalez -- "Success comes to the person who does today, what you are thinking of doing tomorrow." ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Virus - Possible scr Worm Always Bishan (Mar 11)
- Re: Virus - Possible scr Worm Alberto Gonzalez (Mar 11)
- Re: Virus - Possible scr Worm Always Bishan (Mar 11)
- Re: Virus - Possible scr Worm Matt Richard (Mar 11)
- Re: Virus - Possible scr Worm Alberto Gonzalez (Mar 11)