[Snort-users] Wrong rule's signature for "MS-SQL Worm propagation attempt"
nguyen.phong at ...12197...
Wed Jul 28 06:10:05 EDT 2004
I'm facing a problem that I cannot resolved by myself. My snort is detecting
"MS-SQL Worm propagation attempt" alerts but wich are in fact "ICMP Source
Quench" alerts !!! I'm sure of that because when I look to the alert, it
shows me a ICMP request (type 4).
Because my firewall is blocking IP address when a "MS-SQL Worm propagation
attempt" alert is detected, so are some IP address wrongly blocked when they
sent ICMP Source Quench !!
Could somebody help me please
Thanks a lot
Axone Services & Developments
2 crs de Rive
More information about the Snort-users