Snort mailing list archives

RE: Nimda 1287 rule


From: "Donofrio, Lewis" <donofrio () umich edu>
Date: Wed, 21 Apr 2004 08:20:47 -0400

Is there a 'great repository' for rules available? I'd like to be as
safe as I can be these days!
______________________________________________________________________ 
Lewis Donofrio () umich edu      College of Literature, Science, & Arts 
1007 East Huron, Room 201,    BetaID:243340     Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333 
----------------------------------------------------------------------
()  ascii ribbon campaign - against html mail 
/\         [http://arc.pasp.de/]

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Henderson
Rachel (ITCS) s045
Sent: Wednesday, April 21, 2004 5:14 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Nimda 1287 rule

We're trying snort rules within Inmon and starting with a small rule set
to try to pick up infected machines on our network.  We've got a set for
Nimda, sobig & welchia & keep getting the 1287 event triggered, but the
machines when checked aren't infected.  Is the rule not meant to be
adapted in this way?

Rachel
University of East Anglia,
Norwich
UK



