[Snort-users] All snort users -- Rules?
erek at ...577...
Sat Sep 22 13:49:02 EDT 2001
On Sat, 22 Sep 2001, Tim wrote:
> I am still learning and would like to learn more. Time is not on my side in
> reference to the Nimda attacks. Even though I have locked down our servers
> with the necessary patches and removal of unnecessary services, I
> believe that our network is still vulnerable.
Microsoft... Mmmmm.... Such 'thought' into 'security' in those products...
> I have started to learn snort....but not soon enough....if you would all
> provide me with or point me in the direction where I can find a rule set
> for the nimda virus and its detection/repair/deletion, I would be so ever
Well, snort can't patch your servers nor remove the virus from the servers.
If you are running with flexresp you could use some of the rules posted to
snort-sigs for nimda to reset the connections. I don't have them right now,
or else I'd post 'em.
You would really be better off to block them at your router, IMHO.
Hope this helps some!