Snort mailing list archives
Code Red Rule?
From: Richard Parker <snort () expressive ltd uk>
Date: Mon, 30 Jul 2001 19:57:07 +0100
Hi, I'm relatively new to snort, could someone comment on this rule for catching Code Red? alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Code Red default.ida attempt"; flags:PA; content:"GET /default.ida"; nocase;) Is that right? TIA Rich -- Richard Parker, Expressive Limited -> bash luser With what? Your bare hands? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Code Red Rule? Richard Parker (Jul 30)
- RE: Code Red Rule? John Berkers (Jul 31)
- CRv3?? [was RE: Code Red Rule?] Mike Baptiste (Jul 31)
- Re: CRv3?? [was RE: Code Red Rule?] Douglas R. Wilson (Jul 31)
- Re: CRv3?? [was RE: Code Red Rule?] Mike Baptiste (Jul 31)
- Re: CRv3?? [was RE: Code Red Rule?] Andreas Brenk (Jul 31)
- CRv3?? [was RE: Code Red Rule?] Mike Baptiste (Jul 31)
- RE: Code Red Rule? John Berkers (Jul 31)