[Snort-users] DOS rules for Nimda

Madziarczyk, Jonathan than at ...3657...
Thu Sep 26 08:24:02 EDT 2002


>Even Better (assuming that you have Cisco):
>
>http://www.cisco.com/warp/public/63/nimda.shtml 

If you use this, please make sure you have IOS ver 12.2(10a) or higher.
There's a bug where it doesn't catch all packets if you have a "log"
statement in an ACL that is applied to the same interface.

Otherwise it works great!

My .02
~than




More information about the Snort-users mailing list