[Snort-sigs] Updated BLASTER TFTP rules

Brian bmc at ...95...
Tue Aug 19 21:42:19 EDT 2003


On Wed, Aug 20, 2003 at 03:39:27PM +1200, Jason Haar wrote:
> On Tue, Aug 19, 2003 at 08:24:36PM -0700, Erick Mechler wrote:
> > Check the archives; they've been mentioned quite often over the past 2 
> > weeks.
> > 
> > http://www.snort.org/snort-db/sid.html?sid=2192
> > http://www.snort.org/snort-db/sid.html?sid=2193
> 
> Argh - the search interface is broken then. I did search "By Message" on
> ttp://www.snort.org/cgi-bin/sigs-search.cgi for "dcom","msblast", and got no
> hits. And yet there they are...
> 
> I have Cc'ed bmc at ...95..., hopefully s/he will be able to confirm if
> there's a problem with the search interface.

No, its not.  You searching for the wrong thing.  

The rule messages dont say "dcom" or "msblast".  DCE, RPC, or CAN-2003-0352
all work as search items.

-brian




More information about the Snort-sigs mailing list