[Snort-users] MS-SQL Worm Signature
radamson at ...2127...
Sat Jan 25 10:07:03 EST 2003
Interesting... looks like maybe the Dell support site was hit. Its
still off line as of noon (CST).
> Here are a few details from the Security Incidents list:
> After some well needed coffee, I'm going to look into this in more detail.
> At 11:06 AM 1/25/2003, Frank Reid wrote:
> >This rule gives me an error (aside from the trailing semicolon)...
> >anyone have a working version? Thanks!
> >-----Original Message-----
> >hi all, i've done a simple signature for detecting this worm, it should
> >work (or at least, it works here :P)
> >alert udp $EXTERNAL_NET any -> $HOME_NET 1434 (msg:"HELL-SQL Worm Scan";
> >If there are errors plz correct me, thanx a lot to all, happy fishing :)
More information about the Snort-users