Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


[Snort-users] Nimda 1287 rule
.

  • To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
  • Subject: [Snort-users] Nimda 1287 rule
  • From: "Henderson Rachel (ITCS) s045" <[EMAIL PROTECTED]>
  • Date: Wed, 21 Apr 2004 10:13:51 +0100
  • Sender: [EMAIL PROTECTED]
.
 
We're trying snort rules within Inmon and starting with a small rule set to
try to pick up infected machines on our network.  We've got a set for Nimda,
sobig & welchia & keep getting the 1287 event triggered, but the machines
when checked aren't infected.  Is the rule not meant to be adapted in this
way?

Rachel
University of East Anglia,
Norwich
UK



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
[EMAIL PROTECTED]
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.