[Snort-users] Nimda 1287 rule

Donofrio, Lewis donofrio at ...1052...
Wed Apr 21 05:21:08 EDT 2004


Is there a 'great repository' for rules available? I'd like to be as
safe as I can be these days!
______________________________________________________________________ 
Lewis Donofrio at ...1052...      College of Literature, Science, & Arts 
1007 East Huron, Room 201,    BetaID:243340     Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333 
----------------------------------------------------------------------
()  ascii ribbon campaign - against html mail 
/\         [http://arc.pasp.de/]

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Henderson
Rachel (ITCS) s045
Sent: Wednesday, April 21, 2004 5:14 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Nimda 1287 rule

We're trying snort rules within Inmon and starting with a small rule set
to try to pick up infected machines on our network.  We've got a set for
Nimda, sobig & welchia & keep getting the 1287 event triggered, but the
machines when checked aren't infected.  Is the rule not meant to be
adapted in this way?

Rachel
University of East Anglia,
Norwich
UK





