[Snort-sigs] SMBdie exploit (MS02-45)

Kevin Rowland krowland at ...379...
Tue Aug 27 13:33:02 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For any interested... Here's a rule I'm using to catch the recently posted 
SMBdie concept code for the MS02-45 Advisory.

alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg: "DOS SMBdie attack"; 
flags: A+; content:"|57724c65680042313342577a|"; reference: bugtraq,5556; 
reference:cve,CAN-2002-0724; classtype: attempted-dos;)

- -- kevin

/------------------------------------------------------------------\
| Kevin Rowland                   Office of Information Technology |
| Sr. Systems Engineer            University of Notre Dame         |
|                                                                  |
| pgpKeyID: 0x83C89CCE                                             |
| fingerprint: 7750 F81A BBD9 8487 18DC  5312 154E FCBA 83C8 9CCE  |
| http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x83C89CCE     |
\------------------------------------------------------------------/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9a+HaFU78uoPInM4RAoeEAKDjImBPk45N3CoUVAsO/95G2/geeACgx9a3
WXp0zokbKX7H084ebscLOxA=
=ma+S
-----END PGP SIGNATURE-----
-------------- next part --------------
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg: "DOS SMBdie attack"; flags: A+; content:"|57724c65680042313342577a|"; reference: bugtraq,5556; reference:cve,CAN-2002-0724; classtype: attempted-dos;)


More information about the Snort-sigs mailing list