Snort mailing list archives
Re: MSDTC Vulnerability Rule?
From: "John" <johns () tampabay rr com>
Date: Mon, 4 Feb 2002 10:44:46 -0500
Hello Eric, With the limited details of this bug I came up with a simple rule. It will (as usual) require some work from the IDS analysis. alert tcp $EXTERNAL_NET any -> $HOME_NET 3372 (msg:"Possible MSDTC DoS"; flags: A+; dsize: >1024; reference:bugtraq,4006; classtype:attempted-dos;) This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone, fax or e-mail to the sender without delay. Return this message or delete this message and any attachment from your system as per our request. If you are not the intended recipient you must not copy this message or attachments or disclose the contents to any other person. ----- Original Message ----- From: "Eric Johansen" <eric.johansen () reliastar com> To: <snort-users () lists sourceforge net> Sent: Monday, February 04, 2002 9:54 AM Subject: [Snort-users] MSDTC Vulnerability Rule?
Has anyone created a rule for the MSDTC vulnerability that was published a few days ago (http://www.securityfocus.com/bid/4006)? Also, since Whitehats.com's site seems to be unreliable recently where do you guys go for supplemental and bleeding edge rules updates? Or do you mostly "brew your own"? Thanks! Eric --- Eric Johansen System Administrator PrimeVest _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- MSDTC Vulnerability Rule? Eric Johansen (Feb 04)
- Re: MSDTC Vulnerability Rule? John (Feb 04)
- Re: MSDTC Vulnerability Rule? Brian (Feb 07)
- Re: MSDTC Vulnerability Rule? John (Feb 04)