[Snort-sigs] Netsky.c + others? attachment sid

John B. cybergolfing at ...144...
Tue Mar 2 10:44:07 EST 2004


 
> I set the port to any instead of 25 because the
> virus sends also over 
> other ports.

src port could be "any" but dest port should still be
25.

A method for detecting infected hosts could be:

alert tcp !$TRUSTED_SMTP_SERVERS any >
!$TRUSTED_SMTP_SERVERS 25

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com




More information about the Snort-sigs mailing list