[Snort-users] Nimda 1287 rule

Henderson Rachel (ITCS) s045 Rachel.Henderson at ...11681...
Wed Apr 21 02:20:13 EDT 2004


We're trying snort rules within Inmon and starting with a small rule set to
try to pick up infected machines on our network.  We've got a set for Nimda,
sobig & welchia & keep getting the 1287 event triggered, but the machines
when checked aren't infected.  Is the rule not meant to be adapted in this
way?

Rachel
University of East Anglia,
Norwich
UK





More information about the Snort-users mailing list