Snort mailing list archives
Re: worms detection
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 8 Dec 2014 16:26:22 +0000
On Dec 8, 2014, at 11:01 AM, Eugeniu Babin <eugen.babin () gmail com> wrote:
Hi All,
I have a question regarding the possibility of catching worm activity by using SNORT. Currently I have SNORT 2.9.7 (with Personal subscription for Rules 29 USD/Year) running and sniffing a part of the network. I'm sure that some of the stations are infected with the Conficker worm (for example), but unfortunately my Snort is quiet about this.
If you are running Snort with the ruleset on a business network, you should be using the business license.
So:
Q1: Is Snort capable of detecting worms like Conficker?
Yes.
Q2: If yes, should I be able to identify worms with my Personal subscription?
Yes.
Q3: Should I upgrade to Business subscription?
If running on a business network, yes.
Thank You,
Eugene

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- worms detection Eugeniu Babin (Dec 08)
- Re: worms detection Joel Esler (jesler) (Dec 08)