Pantek Library

[Snort-sigs] Nimda

From: Joe Kinsella <jkinsella(at)silverbacktech.com>
Date: Tue May 27 2003 - 16:42:00 EDT


I'm new to Snort so please forgive me if I am re-treading old ground. I've installed Snort 2.0 on my IIS web server. My web server is also running URLScan to reject specific attacks. One of the attacks I see frequently rejected is Nimda (http://www.cert.org/advisories/CA-2001-26.html). Snort did not flag these HTTP requests as attacks - and I scanned the rule files for a rule that looks like it would have caught Nimda. Since this worm has been around so long, I am assuming a rule MUST be available for this.

Advice is appreciated.

Joe




Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Tue May 27 17:51:44 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:29 EDT

