jkinsella at ...1541...
Tue May 27 14:15:17 EDT 2003
I'm new to snort so please forgive me if I am re-treading old ground. I've
installed Snort 2.0 on my IIS web server. My web server is also running
URLScan to reject specific attacks. One of the attacks I see frequently
rejected is Nimda (http://www.cert.org/advisories/CA-2001-26.html). Snort
did not flag these HTTP requests as attacks - and I scanned the rule files
for a rule that looks like it would have caught Nimda. Since this worm has
been around so long, I am assuming a rule MUST be available for this.
Advice is appreciated.
More information about the Snort-sigs