[Snort-users] nimda

Olensky, Sven sol at ...2229...
Tue Sep 18 10:15:01 EDT 2001


check this out http://208.193.197.48/
 
That's one of the source IPs. Opens a second window, offers readme.exe as
download.
 
jesus.

-----Original Message-----
From: snortlst snortlst [mailto:snortlst at ...125...]
Sent: Tuesday, September 18, 2001 12:13 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] General info


I couldn't find the explanation for pretty simple questions on the snort
site, so maybe you can clarify this:
1. When you compare traffic to the rules what are the options - alerts are
sent to syslog or database, or file, that's o.k., but can you for example
drop connection if it conflicts with snort rules? What else can you do to
malicious connections?
2. I don't think mysql is an option for me, is ACID simpler to configure than
mysql?
3. Can I generate HTML reports if I log to ACID?
 
 
