Snort mailing list archives
Re: nimda
From: "J. Craig Woods" <drjung () trismegistus net>
Date: Fri, 12 Jul 2002 15:20:51 -0500
Hugo Ferr wrote:
I just wonder - we're getting hit by a bunch of nimda and those e-mails are rejected on our perimeter mail scanner - shouldn't I see some activity in snort regarding nimda? (snort 1.8.6) In snort.conf the mail scanner is included in home_net and the snort machine is set up to sniff the traffic coming to the firewall public ip (the mail scanner has a dmz address nated to a public ip by the firewall). So again, isn't it strange that I don't see any nimda activity in the snort sensor?
Maybe I am missing something here, and it would not be the first nor the last time that I missed something, but wouldn't your mail scanner be picking traffic up on port 25? Nimda attacks would be on port 80. Furthermore, are you saying that the nimda is part of the email traffic? Not sure what you are saying here. Maybe you could elucidate for us...

drjung

--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson