Wireshark · Ethereal-users: [Ethereal-users] Re: sasser

Ethereal-users: [Ethereal-users] Re: sasser

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Chris T." <k0rnshell@xxxxxxxxxxx>

Date: Wed, 12 May 2004 05:15:58 -0500

I had snort setup, but the computer was to out of date and just locked up
becuase the database got to big when I get time I will set it up on a more
powerful compuer.

Thank you for your help.

"Guy Harris" <gharris@xxxxxxxxx> wrote in message
news:20040512020847.C266@xxxxxxxxxxxxxxxxxxx...
> On Tue, May 11, 2004 at 07:51:22PM -0500, Chris T. wrote:
> > I am using ethereal to track down infections on my network and I have a
> > filter which I found on the internet.
>
> Found it here?
>
> http://www.ethereal.com/lists/ethereal-users/200405/msg00103.html
>
> Note that he suggests that there are other tools such as Snort that
> might be better for tracking down worms on a network:
>
> http://www.snort.org/
>
> http://www.prelude-ids.org/
>
> > This is the filter how do I tell it not to listen for ip address
> > 172.16.0.175 ?
> >
> > tcp[13]&3!=0 and (port 139 or port 445)
>
> not host 172.16.0.175 and tcp[13]&3!=0 and (port 139 or port 445)

References:
- [Ethereal-users] sasser
  - From: Chris T.
- Re: [Ethereal-users] sasser
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] wifi sniffing
Next by Date: [Ethereal-users] Ethereal 10.3 crashes with AIM packets...
Previous by thread: Re: [Ethereal-users] sasser
Next by thread: [Ethereal-users] Ethereal 10.3 crashes with AIM packets...
Index(es):
- Date
- Thread