cmg at ...26...
Mon Sep 24 19:05:02 EDT 2001
Joe McAlerney <joey at ...80...> writes:
> I have heard about the successes of using flexible response for stopping
> Code Red. It may be worthwhile to try the same with the rest of the
> virus rules. Of course, this is not a substitute for antivirus software
> for the obvious reasons, but it would certainly add another level of
All but 3 of the virus rules seem to be triggered on pop-3 sessions
which you're just going to annoy some remote user trying to pop their
mail if you flexresp it.
Same goes for the ones that are a mail server, they'll just try, try
again thinking this machine is on a downtrodden portion of the
Chris Green <cmg at ...26...>
This is my signature. There are many like it but this one is mine.
More information about the Snort-sigs