[Snort-users] worms detection

Joel Esler (jesler) jesler at ...589...
Mon Dec 8 11:26:22 EST 2014


> On Dec 8, 2014, at 11:01 AM, Eugeniu Babin <eugen.babin at ...11827...> wrote:
> 
> Hi All,
> I have a question regarding the possibility of catching worm activity by using SNORT.
> Currently I have SNORT 2.9.7 (with Personal subscription for Rules, 29 USD/Year) running and sniffing a part of the network. I'm sure that some of the stations are infected with the Conficker worm (for example), but unfortunately my Snort is quiet about this.

If you are running Snort with the ruleset on a business network, you should be using the business license.

> So:
> Q1: Is Snort capable of detecting worms like Conficker?

Yes.

> Q2: If yes, should I be able to identify worms with my Personal subscription?

Yes.

> Q3: Should I upgrade to Business subscription?

If running on a business network, yes.



> 
> Thank You,
> Eugene
> 
