[Snort-users] Worm detection in LAN
reshmapurushothaman at ...11827...
Tue Dec 11 05:43:37 EST 2012
On Tue, Dec 11, 2012 at 9:29 AM, Balasubramaniam Natarajan <
bala150985 at ...11827...> wrote:
> On Sat, Dec 8, 2012 at 6:01 AM, reshma purushothaman <
> reshmapurushothaman at ...11827...> wrote:
>> We are trying to implement a project using SNORT tool. It is a client
>> –server communication system. On receiving the packet from a system which
>> has a worm, the snort tool in the server needs to detect the address of the
>> client from which the packet was sent and also reject the packet. The
>> server needs to get the information regarding the IP address of the client,
>> the file name of the rejected packet and also a confirmation that the
>> packet has been rejected.
> What is that you are looking in the packet which signifies worm activity ?
> Balasubramaniam Natarajan
Thankx for your responds..
we only need the IP address of the client who send worm affected packet,
also want to get the file name of th rejected packet with confirmation,
from the snort tool. we don't want all the details regarding data
transmission in LAN with and without affected packets..
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users