IDS mailing list archives
RE: Snort Msword 0-day attack
From: "C, Muruganandam" <muruganandam.c () genpact com>
Date: Mon, 22 May 2006 09:22:18 +0530
Hi,

Does anybody know a signature for the Msword 0-day attack vulnerability for Snort?

Thanks,
Regards,
Muruganandam

-----Original Message-----
From: Omar A. Herrera [mailto:omar.herrera () oissg org]
Sent: Tuesday, May 16, 2006 11:37 PM
To: focus-ids () securityfocus com
Subject: RE: Snort false positive[Scanned]

Hi,

These false positives are common in internal networks if no tuning has been done. The Readme.sfportscan file within the doc/ directory of the snort distribution contains information on how to interpret these results and how to fine tune this module.

Regards,
Omar Herrera

-----Original Message-----
From: Isidro Catalán Ramos

Hi list,

We have Snort 2.4.4 and a lot of Port Scan traffic of this type appears in the logs:

(portscan) TCP Portsweep
(portscan) ICMP Sweep
(portscan) UDP Portsweep
(portscan) Open Port

And the payload of these alerts is like the above:

Payload (ASCII): Priority Count: 5.Co nnection Count: 4.IP Count: 14.Scanned I P Range: 192.168.1.9 :65.54.171.28.Port/ Proto Count: 8.Port/ Proto Range: 80:3410 .

These alerts come from a lot of our network computers but they seem to be clean of spyware, worms, etc. We need to know if this is a false positive or we have a problem in our LAN.

Thanks!

--
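
Added example, not part of any message in this thread and not Snort's own code: a small Python parser for the sfportscan alert payload quoted above, which turns the wrapped ASCII dump into fields and derives a few numbers that help when tuning. The function names, the assumption that "." in the dump stood for a newline byte, and the choice of derived ratios are this example's own.

```python
import ipaddress
import re

# Payload exactly as pasted in the thread (viewer-wrapped ASCII dump).
SAMPLE_DUMP = ("Priority Count: 5.Co nnection Count: 4.IP Count: 14.Scanned I "
               "P Range: 192.168.1.9 :65.54.171.28.Port/ Proto Count: 8.Port/ "
               "Proto Range: 80:3410 .")
# Constructed: the same fields one per line (assumes "." stood for a newline byte).
SAMPLE_RAW = ("Priority Count: 5\nConnection Count: 4\nIP Count: 14\n"
              "Scanned IP Range: 192.168.1.9:65.54.171.28\n"
              "Port/Proto Count: 8\nPort/Proto Range: 80:3410\n")

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Labels are matched with all whitespace removed, so wrap breaks cannot split them.
_FIELDS = re.compile(
    r"PriorityCount:(?P<priority>\d+).*?"
    r"ConnectionCount:(?P<connections>\d+).*?"
    r"IPCount:(?P<ips>\d+).*?"
    r"ScannedIPRange:(?P<ip_lo>" + _IP + r"):(?P<ip_hi>" + _IP + r").*?"
    r"Port/ProtoCount:(?P<ports>\d+).*?"
    r"Port/ProtoRange:(?P<port_lo>\d+):(?P<port_hi>\d+)"
)

def parse_sfportscan_payload(text):
    """Return the alert fields as a dict, or None if text is not such a payload."""
    m = _FIELDS.search(re.sub(r"\s+", "", text))
    if m is None:
        return None
    g = m.groupdict()
    try:
        lo, hi = ipaddress.ip_address(g["ip_lo"]), ipaddress.ip_address(g["ip_hi"])
    except ValueError:  # e.g. an octet above 255 in a damaged dump
        return None
    out = {k: int(v) for k, v in g.items() if k not in ("ip_lo", "ip_hi")}
    out.update(ip_lo=lo, ip_hi=hi)
    return out

def summarize(fields):
    """Derive tuning hints (ratios chosen for this example) from parsed fields."""
    ips = max(fields["ips"], 1)  # avoid dividing by zero on a malformed alert
    return {
        "connections_per_ip": fields["connections"] / ips,
        "ports_per_ip": fields["ports"] / ips,
        # True when the range is not wholly inside private address space
        "range_leaves_private_space":
            not (fields["ip_lo"].is_private and fields["ip_hi"].is_private),
    }
```
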