Nimda Snort Rules
Source: snort.org - Posted by Chris Pallack   
Intrusion Detection Everyone and their brother has put out an advisory on NIMDA, the latest worm to thrash IExplore, Outlook Express, and IIS. This worm does a number of cute things that are well documented in the SANS advisory available here.. . . Everyone and their brother has put out an advisory on NIMDA, the latest worm to thrash IExplore, Outlook Express, and IIS. This worm does a number of cute things that are well documented in the SANS advisory available here.

Snort 1.8.1 included signatures to detect most of the attacks used by NIMDA already, but just incase you need a refresher the signatures are included here.

Read this full article at snort.org

Only registered users can write comments.
Please login or register.

Powered by AkoComment!