No subject

Thu Nov 23 16:34:03 EST 2017

alert udp any any -> any 69 (msg:"TFTP GET Admin.dll"; content:
"|0001|"; offset:0; depth:2; content:"admin.dll"; offset:2; nocase;
reference:url,; sid:1289; rev:2;)

also pertains to the attempt to spread infection.

Further information can be found at:

On Tue, 27 May 2003 16:42:00 -0400
Joe Kinsella <jkinsella at ...1541...> said something like:

: I'm new to snort so please forgive me if I am re-treading old ground. 
: installed Snort 2.0 on my IIS web server.  My web server is also
: URLScan to reject specific attacks.  One of the attacks I see
: rejected is Nimda ( 
: did not flag these HTTP requests as attacks - and I scanned the rule
: for a rule that looks like it would have caught Nimda.  Since this
worm has
: been around so long, I am assuming a rule MUST be available for this.
: Advice is appreciated.
: Joe
: -------------------------------------------------------
: This email is sponsored by: ObjectStore.
: If flattening out C++ or Java code to make your application fit in a
: relational database is painful, don't do it! Check out ObjectStore.
: Now part of Progress Software.
: _______________________________________________
: Snort-sigs mailing list
: Snort-sigs at

Nigel Houghton       Security Engineer        Sourcefire Inc.

"I have read of a place where humans do battle in a ring of Jell-O."

More information about the Snort-sigs mailing list