Date: Tue, 18 Sep 2001 16:31:46 -0500
From: "Derek O'Flynn" <derekoflynn@hotmail.com>
To: freebsd-security@freebsd.org
Subject: NIMDA Virus
Message-ID: <F143IQrttDRdNOUivlQ00013ed8@hotmail.com>

Has anyone successfully written a rule for snort to alert to this? I'm currently running snort 1.8 with flex-resp. I would like to have a rule that identifies the attacks and then sends the tcp_rst command so that the worm can't infect new machines. I have the information for the rule, just need to know what to put in the content field to verify that it is nimda.

Thanks,
Derek O'Flynn