[Snort-sigs] Signatures for .ida attempt
rroot at ...254...
Tue Jan 15 13:58:41 EST 2002
I've been using a windows build of snort for about a month now.
I have caught a few .ida attempts which have slipped past the
rule sets for some reason. <all within the past week>
Going over the web-iis.rules which contain the .ida attempt rules,
I can not figure out where / why the rules are not catching the
attempt to install the worm.
Would this be the correct forum to cut & paste the packets, for
discussion on creating <or modifying> a rule to catch these?
More information about the Snort-sigs