Snort mailing list archives
Re: Antwort: The new Code Alert
From: "J. C. Woods" <drjung () sprynet com>
Date: Tue, 07 Aug 2001 03:41:17 -0500
ks () schuricht de wrote:
> Hi Anthony,
>
>> It seems the code alert 2 becomes crazy here (Los Angeles) I keep receiving 1 alert / 2 minutes of a new attack. (web dir, web command attempt.)
>
> In Bremen/Germany the same :) The logfile from yesterday is about 4.7 MB of size...in the meantime our firewalls have blocked traffic from round about 1800 hosts that seem to be infected... Hope we can stop this 'tcpspam' :)
>
> Best regards, Kai.
>
>> -----Original Message-----
>> From: Migus, Adam [mailto:Adam_Migus () NAI com]
>> Sent: Monday, August 06, 2001 1:38 PM
>> To: 'snort-users () lists sourceforge net'
>> Subject: [Snort-users] Definitive Code Red rule
>>
>> Ok so there's a thousand emails going around about the Code Red Worm. So what is the definitive rule/signature for snort 1.7 and 1.8 that people are using?
>>
>> Adam
Yea, just to check in from Dallas, TX, it is crazy here too. I am rotating logs daily, something I usually do weekly, and they are still reaching 5mgs before I rotate. Yes, your description fits nicely, "tcpspam". And, hell, I don't even run IIS, and would not if Gates paid me to do so.....

Weathering the storm,
drjung

--
J. Craig Woods
UNIX SA
-Art is the illusion of spontaneity-