[Snort-users] Alerts question
rramsdel at ...5068...
Tue Jul 13 19:01:08 EDT 2004
I have been getting scanned daily by a host that is infected with "code
red". Obviously a web server is running on it and I went there and found
the typical script trying to push "readme.eml."
So, shouldn't snort catch this?
I just need to know if it should without getting into specifics of my
I read that snort should detect "code red" if you go the the sight, but
I am not sure if this is true.
More information about the Snort-users