[Snort-users] All snort users -- Rules?

Erek Adams erek at ...577...
Sat Sep 22 13:49:02 EDT 2001

On Sat, 22 Sep 2001, Tim wrote:

> I am still learning and would like to learn more. Time is not on my side in
> reference to the Nimda attacks. Even though I have locked down our servers
> with the necessary patches and removal of unnecessary services, I
> believe that our network is still vulnerable.

Microsoft...  Mmmmm....  Such 'thought' into 'security' in those products...


> I have started to learn snort....but not soon enough....if you would all
> provide me with or point me in the direction where I can find a rule set
> for the nimda virus and its detection/repair/deletion, I would be so ever
> grateful.

Well, snort can't patch your servers nor remove the virus from the servers.

If you are running with flexresp you could use some of the rules posted to
snort-sigs for nimda to reset the connections.  I don't have them right now,
or else I'd post 'em.

You would really be better off to block them at your router, IMHO.

Hope this helps some!

Erek Adams
