[Snort-users] nimda

Hugo Ferr snortgrp at ...125...
Fri Jul 12 12:44:14 EDT 2002


I just wonder-we're getting hit by bunch of nimda and those e-mails are
rejected on our perimeter mail scanner - shouldn't I see some activity in
snort regarding nimda?
(snort 1.8.6)
In snort.conf mail scanner is included in home_net and snort machine is set
up to sniff the traffic coming to firewall public ip (mail scanner has dmz
address nated to public ip by firewall)
So again isn't it strange taht I don't see any nimda activity in snort
sdensor?




More information about the Snort-users mailing list