[Snort-sigs] Nimda

Joe Kinsella jkinsella at ...1541...
Tue May 27 14:15:17 EDT 2003


I'm new to snort so please forgive me if I am re-treading old ground.  I've
installed Snort 2.0 on my IIS web server.  My web server is also running
URLScan to reject specific attacks.  One of the attacks I see frequently
rejected is Nimda (http://www.cert.org/advisories/CA-2001-26.html).  Snort
did not flag these HTTP requests as attacks - and I scanned the rule files
for a rule that looks like it would have caught Nimda.  Since this worm has
been around so long, I am assuming a rule MUST be available for this.

Advice is appreciated.

Joe






More information about the Snort-sigs mailing list