[Snort-users] NIMDA in Microsoft networks

Frontgate Lab mdiwan at ...200...
Fri Oct 5 13:46:03 EDT 2001


Snort has a Nimda worm signature in its ruleset, and yes, it can see
NetBIOS traffic.

:)


Just remember that if the worm is on the inside of your network, i.e. on
your own workstations, you will have to get snort snorting on the inside
LAN. I would suggest a snort for inside and a snort for outside. They
can be on the same box; just run different instances with different
snort.conf files.

You can get it at the home page: http://www.snort.org

Madhav



Mariusz Woloszyn wrote:
> 
> Hi!
> 
> I found that NIMDA worm spreads across microsoft networks monitoring
> network activity and copying itself to all shares with write access.
> 
> Are there any snort to monitor that activity of NIMDA?
> 
> --
> Mariusz Wołoszyn
> Internet Security Specialist, Internet Partners

