[Snort-sigs] Netsky.c + others? attachment sid

John B. cybergolfing at ...144...
Tue Mar 2 12:58:03 EST 2004


Correction. My rule was correct, my typing was
incorrect.

A method for detecting infected hosts could be:
 
 alert tcp !$TRUSTED_SMTP_SERVERS any > any 25
 


--- "John B." <cybergolfing at ...144...> wrote:
>  
> > I set the port to any instead of 25 because the
> > virus sends also over 
> > other ports.
> 
> src port could be "any" but dest port should still
> be
> 25.
> 
> A method for detecting infected hosts could be:
> 
> alert tcp !$TRUSTED_SMTP_SERVERS any >
> !$TRUSTED_SMTP_SERVERS 25
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you’re looking for faster
> http://search.yahoo.com
> 
> 
>
-------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps
> Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
>
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/snort-sigs


__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com




More information about the Snort-sigs mailing list