[Snort-users] Detecting worms

Maetzky, Steffen (Extern) Steffen.Maetzky at ...11508...
Wed Aug 18 01:22:28 EDT 2004

 ....to block all known worms...?

Do you use available rules for it or would you share your rules?

Thanks in advance,


-----Ursprüngliche Nachricht-----
Von: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] Im Auftrag von Alex
Butcher, ISC/ISYS
Gesendet: Dienstag, 17. August 2004 09:42
An: Rogier Gerritse; snort-users at lists.sourceforge.net
Betreff: Re: [Snort-users] Snort 1.9.1/Spade/Snortcenter

--On 10 August 2004 16:56 +0200 Rogier Gerritse <Rogier at ...12273...>

> First post on this list so: "Hi all"
> I'm running Snort on RH7.3 I've used the document by Steven J. Scott 
> and the systems been running stable for a while now. I was using Snort 
> 2.1.3 and used the react:block response to block all known worm and 
> virus traffic which worked fine.
> Now I'm running Snort 1.9.1 and Spade 030125.1. When I add the Spade 
> detector rules the following happens in SnortCenter 0.9.6:

SPADE isn't supported by Snortcenter. My advice is to give up on Snortcenter
now, or start hacking on Snortcenter2

Best Regards,
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list