Snort mailing list archives

Alerts question

From: Randy Ramsdell <rramsdel () comcast net>
Date: Tue, 13 Jul 2004 21:59:03 -0400

I have been getting scanned daily by a host that is infected with "codered". Obviously a web server is running on it and I went there and foundthe typical script trying to push "readme.eml."


So, shouldn't snort catch this?

I just need to know if it should without getting into specifics of myconfiguration.

I read that snort should detect "code red" if you go the the sight, butI am not sure if this is true.





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.

Attend Black Hat Briefings & Training, Las Vegas July 24-29 -digital self defense, top technical experts, no vendor pitches,unmatched networking opportunities. Visit www.blackhat.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Alerts question Randy Ramsdell (Jul 13)
- RE: Alerts question Patrick S. Harper (Jul 14)
- Re: Alerts question Scott Zawalski (Jul 14)
  - Message not available
    - Re: Alerts question Scott Zawalski (Jul 16)