> What is the best way to have snort detect network worms, I know this
> depends on the virus, and then once detected send an email stating that.
>
> Is the only method to create a custom rule depending on the virus or
> does snort have some rules built in that will detect some netowrk worms
> or all?
>
> For example if you have a firewall and want to detect when a network
> worm is active on one side of the frewall is snort the way to do it?
For something like this, you might want to join the snort lists and ask... The
last time I dealt with Snort they had almost 1500 rules in it for all sorts of
things. I would suspect that the number has probably risen quite a bit since
then...
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)