Message-ID: <1062680910.5637.15.camel@Mars>
From: justin.tan at extol.com.my (Justin Tan)
Subject: Snort on a Bootable FreeBSD CD to catch Nachi, Blaster & Sobig
On Thu, 2003-09-04 at 20:45, Paul Schmehl wrote:
>Just curious - what sigs are you using for detection?
Nachi & Sobig.F - by you, Paul Schmehl (pauls@...allas.edu).
Msblaster by Brian Caswell <bmc@...rcefire.com> & Nigel Houghton
<nigel.houghton@...rcefire.com>
(http://www.snort.org/snort-db/sid.html?sid=2192)
Nachi and Sobig.F tested, works fine. Great job there. Only problem is
with a possible false positive (Sobig.F sig) with Crystal Reports
listening on port 8998.
Justin.