
Re: [Snort-sigs] Nimda

From: Matt Kettler <mkettler(at)evi-inc.com>
Date: Tue May 27 2003 - 18:00:25 EDT


Snort should catch the directory traversal attempts from Nimda with the default ruleset.

Some things to check:

  1. What is HTTP_PORTS defined as in snort.conf? If you have a comma in there, look no further: comma-separated lists are NOT supported here, just single ports or :-separated ranges.
  2. What are HTTP_SERVERS and EXTERNAL_NET defined as in snort.conf? How do the destination and source addresses of the attacks relate to these ranges (i.e., is the source included in EXTERNAL_NET and the targeted server in HTTP_SERVERS)?
  3. Are you using stream4?
  4. What kind of dropped-packet rate are you getting?

At 04:42 PM 5/27/2003 -0400, Joe Kinsella wrote:
>I'm new to snort so please forgive me if I am re-treading old ground. I've




Received on Tue May 27 18:37:27 2003
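
Added example, not part of the original message or of Snort itself: a small checker for items 1 and 2 of the checklist above, run against a snort.conf fragment and one observed source/target address pair. The sample configuration, the addresses and the function names are constructed for illustration, and treating a missing variable as "any" is an assumption.

```python
import ipaddress
import re

# Constructed sample snort.conf fragment (not taken from the original post).
SAMPLE_CONF = """\
# network variables
var HOME_NET [192.168.1.0/24,10.0.0.0/8]
var EXTERNAL_NET !$HOME_NET
var HTTP_SERVERS 192.168.1.10/32
var HTTP_PORTS 80,8080
"""

def parse_vars(conf_text):
    """Collect 'var NAME VALUE' lines; comment and blank lines do not match."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*var\s+(\S+)\s+(\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def ip_matches(ip, value, variables):
    """True if ip is covered by an address value: any, !x, $VAR, [a,b] or a/len."""
    value = value.strip()
    if value.startswith("!"):
        return not ip_matches(ip, value[1:], variables)
    if value.startswith("$"):
        return ip_matches(ip, variables[value[1:]], variables)
    if value == "any":
        return True
    if value.startswith("["):
        parts = value.strip("[]").split(",")
        return any(ip_matches(ip, p, variables) for p in parts)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)

def check_config(conf_text, src_ip, dst_ip):
    """Return findings for checklist items 1 and 2 (empty list means both pass)."""
    v = parse_vars(conf_text)
    findings = []
    if "," in v.get("HTTP_PORTS", ""):
        findings.append("HTTP_PORTS contains a comma: use one port or a lo:hi range")
    # Assumption: a variable missing from the file is treated as 'any'.
    if not ip_matches(src_ip, v.get("EXTERNAL_NET", "any"), v):
        findings.append(f"source {src_ip} is not in EXTERNAL_NET")
    if not ip_matches(dst_ip, v.get("HTTP_SERVERS", "any"), v):
        findings.append(f"target {dst_ip} is not in HTTP_SERVERS")
    return findings

if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONF, "203.0.113.5", "192.168.1.10"):
        print(finding)
```
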

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:29 EDT

