[Snort-users] Launching scripts from rules

Ron Van Dam rvandam at ...3564...
Sun Sep 23 11:09:02 EDT 2001


Is there a way to launch a script based upon an event from a .rules file?
For instance, if I receive a Code Red or Nimda attack, I would like to
launch a script that sends back a message to the infected machine to notify
the admin that their box is infected (e.g.
http://somehost/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+NET+SEND+127.0.0.0.1+%22This+PC+is+infected%22)

Thanks,
Ron




