[Snort-users] Alerts question

Randy Ramsdell rramsdel at ...5068...
Tue Jul 13 19:01:08 EDT 2004


I have been getting scanned daily by a host that is infected with "code 
red". Obviously a web server is running on it and I went there and found 
the typical script trying to push "readme.eml."

So, shouldn't snort catch this?

I just need to know if it should without getting into specifics of my 
configuration.

I read that snort should detect "code red" if you go the the sight, but 
I am not sure if this is true.






More information about the Snort-users mailing list