Snort mailing list archives

Re: worms detection


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 8 Dec 2014 16:26:22 +0000


On Dec 8, 2014, at 11:01 AM, Eugeniu Babin <eugen.babin () gmail com> wrote:

Hi All,
I have a question regarding the possibility of catching worm activity using Snort.
Currently I have Snort 2.9.7 (with a Personal subscription for rules, 29 USD/year) running and sniffing a part of the network. I'm sure that some of the stations are infected with the Conficker worm (for example), but unfortunately my Snort is quiet about this.

If you are running Snort with the ruleset on a business network, you should be using the business license.

So:
Q1: Is Snort capable of detecting worms like Conficker?

Yes.

Q2: If yes, should I be able to identify worms with my Personal subscription?

Yes.

Q3: Should I upgrade to Business subscription?

If running on a business network, yes.




Thank You,
Eugene

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
