Snort mailing list archives

RE: Wrong rule's signature for "MS-SQL Worm propagation attempt"


From: "Joshua Berry" <jberry () PENSON COM>
Date: Wed, 28 Jul 2004 08:55:54 -0500

I believe this is a known problem of a previous version of Snort. What
version are you running?

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Phong
Nguyen
Sent: Wednesday, July 28, 2004 8:09 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Wrong rule's signature for "MS-SQL Worm
propagation attempt"

Hello all,

I'm facing a problem that I cannot resolve by myself. My Snort is
detecting "MS-SQL Worm propagation attempt" alerts, but they are in fact
"ICMP Source Quench" alerts!!! I'm sure of that because when I look at
the alert, it shows me an ICMP request (type 4).

Because my firewall blocks an IP address when a "MS-SQL Worm propagation
attempt" alert is detected, some IP addresses are wrongly blocked when
they send ICMP Source Quench!!

Could somebody help me, please?
Thanks a lot

Phong
 
-- 
Nguyen Phong
Axone Services & Developments
2 crs de Rive
1204 GE/CH



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

