Re: Worm detection in LAN

[reshma purushothaman <reshmapurushothaman () gmail com>]

On Tue, Dec 11, 2012 at 9:29 AM, Balasubramaniam Natarajan <
bala150985 () gmail com> wrote:

> On Sat, Dec 8, 2012 at 6:01 AM, reshma purushothaman <
> reshmapurushothaman () gmail com> wrote:
>
> > Hello
> >
> > We are trying to implement a project using SNORT tool. It is a client
> > –server communication system. On receiving the packet from a system which
> > has a worm, the snort tool in the server needs to detect the address of the
> > client  from which the packet was sent and also  reject the packet. The
> > server needs to get the information regarding the IP address of the client,
> > the file name of the rejected packet and also a confirmation that the
> > packet has been rejected.
>
> What is that you are looking in the packet which signifies worm activity ?
>
>
> --
> Regards,
> Balasubramaniam Natarajan
> www.blog.etutorshop.com
>
> hai...
    Thankx  for your responds..
 we only need the IP address of the client who send worm affected packet,
also want to get the file name of th rejected packet with confirmation,
from the snort tool. we don't want all the details regarding  data
transmission in LAN with and without affected packets..

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!