[Snort-sigs] Netsky.c + others? attachment sid

John B. cybergolfing at ...144...
Tue Mar 2 10:44:07 EST 2004

> I set the port to any instead of 25 because the
> virus sends also over 
> other ports.

src port could be "any" but dest port should still be

A method for detecting infected hosts could be:

alert tcp !$TRUSTED_SMTP_SERVERS any >

Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster

More information about the Snort-sigs mailing list