Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BugBear worm

From: Shane Williams <shanew () shanew net>
Date: Fri, 18 Jul 2003 11:29:35 -0500 (CDT)
Well, I would recommend looking at the headers of the messages
themselves, but if you really want a rule, check the archives from
around June 7-8.  There was an original rule suggestion, and I then
offered up a different content text that (from my experience) seemed
to be more tuned.

On Fri, 18 Jul 2003, Always Bishan wrote:


Hi Snorters,

We have a client who are facing a BugBear worm attack
in their network. They are not able to locate the
source of this worms.
Can we detect BugBear using SNort?
Do we have rules to detect it?

Regards,
BIshan

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew () shanew net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: