Snort mailing list archives

RE: Alerts question


From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Wed, 14 Jul 2004 05:42:59 -0500

Do you have that rule enabled and is your IDS placed so it can see the
traffic to and from that server? 




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Randy Ramsdell
Sent: Tuesday, July 13, 2004 8:59 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Alerts question


I have been getting scanned daily by a host that is infected with "code
red". Obviously a web server is running on it and I went there and found the
typical script trying to push "readme.eml."

So, shouldn't snort catch this?

I just need to know if it should without getting into specifics of my
configuration.

I read that snort should detect "code red" if you go to the site, but I am
not sure if this is true.




-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.719 / Virus Database: 475 - Release Date: 7/12/2004
 

 




