[Snort-users] Nimda 1287 rule

Henderson Rachel (ITCS) s045 Rachel.Henderson at ...11681...
Wed Apr 21 02:20:13 EDT 2004

We're trying snort rules within Inmon and starting with a small rule set to
try to pick up infected machines on our network.  We've got a set for Nimda,
sobig & welchia & keep getting the 1287 event triggered, but the machines
when checked aren't infected.  Is the rule not meant to be adapted in this

University of East Anglia,

More information about the Snort-users mailing list