[Snort-users] Malware Rules

Bill Warren bwarren at ...12173...
Tue Jul 27 09:16:33 EDT 2004


All,

Along the lines of the virus rules that were posted, I have found a 
person who writes malware rules.  
http://www.geocities.com/yosponge/updates.html
The person who writes them is great and likes feedback.  I have used 
them on my Snort and Snort-inline boxes.

I first used them on my Snort box only to find the people who had the 
malware.  Then I turned it off, then turned it on in my Snort-inline box 
to drop the junk leaving.  The Snort-inline box log increases 1 meg a 
day.  That got the manager's attention.  We are now doing cleanup.

-- 

**********************************
Bill Warren
Optivel, Inc.
E-mail: bwarren at ...12173...
Voice:  317.275.2305
Fax:    317.275.2301
Web:    http://www.optivel.com
**********************************



