[Snort-users] Please post a good Nachi.B Signature

SN ORT snort_on_acid at ...131...
Mon Feb 23 06:41:01 EST 2004


Yeah real simple. Make your own rules. Have them spot
out anyone scanning on ports 135 and 445 outside your
network. Obviously no one should be scanning outside
your network on these ports. And since the IPs scanned
are random IPs, they will be hitting your default
route. This is the only propogation method, seeking to
exploit the wkssrv.
 

Cheese!

Marc 

>Message: 3
>Date: Sat, 21 Feb 2004 16:08:25 -0800 (PST)
>From: Dan <sophie_bo at ...741...>
>Reply-To: Dan <sophie_bo at ...741...>
>To: Erek Adams <erek at ...950...>, Dan
<sophie_bo at ...741...>
>Subject: Re: [Snort-users] Please post a good Nachi.B
>Signature
>Cc: snort-users at lists.sourceforge.net

>* I had already checked the snort sigs mailing list
>archives to no avail.

>* I help secure a 100,000 + node network. The sig for
>the original Nachi virus worked great.

>Now, can anyone provide some real help and post a
>working sig for Nachi.B?

>Thanks,

>Dan


__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools




More information about the Snort-users mailing list