[Snort-users] Nimda 1287 rule

Donofrio, Lewis donofrio at ...1052...
Thu Apr 22 08:22:01 EDT 2004


Anyone care to assist? 

______________________________________________________________________ 
Lewis Donofrio at ...1052...      College of Literature, Science, & Arts 
1007 East Huron, Room 201,    BetaID:243340     Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333 
----------------------------------------------------------------------
()  ascii ribbon campaign - against html mail 
/\         [http://arc.pasp.de/]

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Donofrio,
Lewis
Sent: Wednesday, April 21, 2004 8:21 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Nimda 1287 rule

Is their a 'great repository' for rules available, I'd like to be as
safe as I can be these days! 
______________________________________________________________________ 
Lewis Donofrio at ...1052...      College of Literature, Science, & Arts 
1007 East Huron, Room 201,    BetaID:243340     Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333
----------------------------------------------------------------------
()  ascii ribbon campaign - against html mail 
/\         [http://arc.pasp.de/]

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Henderson
Rachel (ITCS) s045
Sent: Wednesday, April 21, 2004 5:14 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Nimda 1287 rule

We're trying snort rules within Inmon and starting with a small rule set
to try to pick up infected machines on our network.  We've got a set for
Nimda, sobig & welchia & keep getting the 1287 event triggered, but the
machines when checked aren't infected.  Is the rule not meant to be
adapted in this way?

Rachel
University of East Anglia,
Norwich
UK




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux
tutorial presented by Daniel Robbins, President and CEO of GenToo
technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=ick
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users






More information about the Snort-users mailing list