[Bro] Sasser Policy?
Mike Hsiao
hsiaom26 at hotmail.com
Wed Oct 17 09:01:00 PDT 2007
Hi,
Currently, I'm studying the worm behaviors, such as Blaster, Sasser, ... .
And the policy script blaster.bro can detects instances of the W32.Blaster.
Is there any policy that can be used for detecting Sasser?
Or any other scanning policy can capture the scanning event of Sasser worm?
I would like to understand how (or what approaches) Bro to detect Sasser.
Any help will be appreciated, thanks.
Regards,
Mike
More information about the Bro
mailing list