[Dshield] Re: HTTP logging using Netcat
j-No-Spam-geluk at wanadoo.nl
Tue May 7 16:11:47 GMT 2002
Ed Truitt wrote:
> As far as getting "that clever", you can either download Snort, untar it,
> and read the rules files - or, you can get experience (for example, a
> specific series of requests indicates Nimda, another specific request
> indicates CR, etc.) by looking at 'em for a while. Or, you can download
> Snort, install it, and see what else is floating around on your network.
Thanks Ed. I had already considered Snort but thought it would be a
little too much just for this purpose. I may install it anyway.