Snort mailing list archives
Re: Witty worm sig
From: Tod Beardsley <todb () planb-security net>
Date: Tue, 23 Mar 2004 08:26:03 -0600
Dave Ellingsberg wrote:
I have tested this on our internet access point and it gets the attack every time. May need some more tweaking as more info comes out.
There are more accurate signatures now available through Oinkmaster, posted on snort-sigs. However, I like simple sigs like the one you posted -- it does the job of picking out this first worm variant, and it's e-z-2-read, which I find valuable.
--
"It's okay to yell 'fire' in a crowded theater if the theater is actually on fire."
Tod Beardsley | www.planb-security.net