[Snort-users] All snort users -- Rules?

Erek Adams erek at ...577...
Sat Sep 22 13:49:02 EDT 2001


On Sat, 22 Sep 2001, Tim wrote:

> I am still learning and would like to learn more. Time is not on my side in
> reference to the Nimda attacks. Even though I have locked down our servers
> with the necessary patches and removal of unnecessary services, I
> believe that our network is still vulnerable.

Microsoft...  Mmmmm....  Such 'thought' into 'security' in those products...

;-P

> I have started to learn snort....but not soon enough....if you would all
> provide me with or point me in the direction where I can find a rule set
> for the nimda virus and its detection/repair/deletion, I would be so ever
> grateful.

Well, snort can't patch your servers nor remove the virus from the servers.

If you are running with flexresp you could use some of the rules posted to
snort-sigs for nimda to reset the connections.  I don't have them right now,
or else I'd post 'em.

You would really be better off to block them at your router, IMHO.

Hope this helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




