Warning -- floods of Allaple worm alerts.... sid:200329(2-5): msg#00120 security.ids.snort.bleedingsnort
Hi

Over the last 24 hours we have had about 50 sources fire 20 million ping packets containing the string that triggers the Allaple signature. The only effect it has had is to gum up my snort database. I don't believe this is worm traffic and if it is a ddos it is pretty feeble. It was however a fairly effective dos against my snort system -- two sensors saw this traffic so that's a total of over 40 million events in the database. :(

I have now disabled all those rules and am (slowly) deleting all the records from the database.

Can I suggest that these rules be disabled by default with a comment saying why?

Anyone got any idea why this traffic was sent (I doubt if they were really trying to attack my snort system)? They have sent enough traffic to random addresses to map our network 200 times over.

Russell.