01-27-2004 02:48 AM - edited 03-09-2019 06:14 AM
Signature update S67 is available on CCO. S67 provides coverage for the Novarg / Mydoom virus.
01-27-2004 04:18 AM
Site says both S67 files are not available. When will they be?
01-27-2004 05:55 AM
I found it up there, thanks!
01-27-2004 11:28 AM
The worm was also programmed to flood the website of the SCO Group Inc, beginning on February 1 with requests in an attempt to crash its.
Can you help me create a custom signature to monitor connections from devices to port tcp_80 attempting to dos www.sco.*
01-27-2004 11:41 AM
I got the IP address from a host on SCO.com, you can add more as you determine other IP addresses.
Try this (4.1 only):
Engine ATOMIC.TCP
DstPort 80
DstIpAddr 216.250.128.12
DstIpMask 255.255.255.255
TcpFlags =SYN
Mask =SYN
SummaryKey Axxx
01-28-2004 01:10 AM
I know that i am pushing the edge here, but does any one have one for version 3.1
01-28-2004 08:06 AM
Yes, you can use the same signature minus the IP and Mask parameters. Then, create signature filters for the IP address in question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide