Date: Tue, 18 Sep 2001 13:33:45 -0700 (PDT)
From: David Kirchner <davidk@accretivetg.com>
To: "Derek O'Flynn" <derekoflynn@hotmail.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: NIMDA Virus
Message-ID: <20010918133322.R85958-100000@localhost>
In-Reply-To: <F143IQrttDRdNOUivlQ00013ed8@hotmail.com>

Here's what I'm using:

FTCBFzaDxAzpRQEAAIl9DGoIjUX0V1Doo2IAAIPEDI1F9MdF9B4AAACJtcT\+\/\/9QjYXA\/v\/\/V1BX

The \'s are because this filter is using perl regexp patching.

On Tue, 18 Sep 2001, Derek O'Flynn wrote:

> Has anyone successfully written a rule for snort to alert to this?
>
> I'm currently running snort 1.8 with flex-resp.
>
> I would like to have a rule that identifies the attacks and then sends the
> tcp_rst command so that the worm can't infect new machines. I have the
> information for the rule, just need to know what to put in the content field
> to verify that it is nimda.
>
> Thanks,
> Derek O'Flynn
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
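
As an added example (not part of the original message, and not the poster's actual filter), the Python below runs the posted pattern over a constructed base64 message body one line at a time and shows what the backslashes change; Python's `re` accepts the same `\+` and `\/` escapes for this pattern. The sample messages and the names `matching_lines` and `unescaped` are made up for the illustration.

```python
import re

# Pattern exactly as posted in the message above (backslash-escaped + and /).
POSTED_PATTERN = (r"FTCBFzaDxAzpRQEAAIl9DGoIjUX0V1Doo2IAAIPEDI1F9MdF9B4AAACJtcT"
                  r"\+\/\/9QjYXA\/v\/\/V1BX")

# The literal base64 text the pattern is meant to find: the same string
# with the backslashes removed.
LITERAL = POSTED_PATTERN.replace("\\", "")

# Constructed sample: a MIME part whose base64 body contains the posted line.
# Headers and every other body line are filler made up for this example.
SAMPLE_FLAGGED = "\r\n".join([
    "Content-Type: application/octet-stream",
    "Content-Transfer-Encoding: base64",
    "",
    "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB",
    LITERAL,
    "QkJCQkJCQkJCQkJCQkJCQg==",
])
SAMPLE_CLEAN = SAMPLE_FLAGGED.replace(LITERAL, "Q0NDQ0NDQ0NDQ0ND")


def matching_lines(message, pattern):
    """Return 1-based numbers of the lines the regex matches, testing one
    line at a time (assumption: the filter is line-oriented)."""
    rx = re.compile(pattern)
    return [n for n, line in enumerate(message.splitlines(), 1) if rx.search(line)]


def unescaped(pattern):
    """The same pattern with the backslashes dropped, to show why they matter."""
    return pattern.replace("\\", "")


if __name__ == "__main__":
    print("posted pattern:", matching_lines(SAMPLE_FLAGGED, POSTED_PATTERN))
    # Without the escapes, "T+" means "one or more T", so the literal "+"
    # in the base64 text is never matched and the filter silently misses.
    print("unescaped     :", matching_lines(SAMPLE_FLAGGED, unescaped(POSTED_PATTERN)))
    # re.escape() builds an equivalent pattern from the literal text.
    print("re.escape     :", matching_lines(SAMPLE_FLAGGED, re.escape(LITERAL)))
    print("clean message :", matching_lines(SAMPLE_CLEAN, POSTED_PATTERN))
```

The posted string is 76 characters long once the backslashes are removed, so it fits on a single base64 body line and a per-line check can see it whole.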