[Snort-sigs] Signatures for .ida attempt

robert rroot at ...254...
Tue Jan 15 13:58:41 EST 2002


I've been using a windows build of snort for about a month now.
I have caught a few .ida attempts which have slipped past the 
rule sets for some reason. <all within the past week>

Going over the web-iis.rules which contain the .ida attempt rules,
I can not figure out where / why the rules are not catching the 
attempt to install the worm.

Would this be the correct forum to cut & paste the packets, for 
discussion on creating <or modifying> a rule to catch these?

Robert




More information about the Snort-sigs mailing list