[Dshield] Re: HTTP logging using Netcat

Jos Geluk j-No-Spam-geluk at wanadoo.nl
Tue May 7 16:11:47 GMT 2002


Ed Truitt wrote:

> As far as getting "that clever", you can either download Snort, untar it,
> and read the rules files - or, you can get experience (for example, a
> specific series of requests indicates Nimda, another specific request
> indicates CR, etc.) by looking at 'em for awhile.  Or, you can download
> Snort, install it, and see what else is floating around on your network.

Thanks Ed. I had already considered Snort but thought it would be a 
little too much just for this purpose. I may install it anyway.

Jos.




More information about the list mailing list