[Tfug] Snort and detecting Network Worms
elemint at theriver.com
elemint at theriver.com
Thu Jul 29 16:19:27 MST 2004
What is the best way to have snort detect network worms, I know this
depends on the virus, and then once detected send an email stating that.
Is the only method to create a custom rule depending on the virus or
does snort have some rules built in that will detect some netowrk worms
or all?
For example if you have a firewall and want to detect when a network
worm is active on one side of the frewall is snort the way to do it?
Jim
More information about the tfug
mailing list