[Snort-sigs] quick rules for new dcom stuff

Sam Evans sam at ...219...
Thu Sep 11 06:48:03 EDT 2003


You are correct.  Both Eeye and Microsoft's tool scan for MS03-026 and
MS03-039.

-Sam

On Thu, 11 Sep 2003, David Wilburn wrote:

> Johnathan Norman wrote:
>
>
> Correct me if I'm wrong, but I believe these scan tools check for all of
> the known RPC vulnerabilities, including both MS03-026 and MS03-039.
>  This would mean that a scan for the older RPC vulnerability would occur
> alongside the newer ones, and would naturally be detected by the older
> signature.  That does not necessarily mean that a scan tool or exploit
> designed to scan only for the newer vulnerabilities would be detected by
> these sigs, though.  Is your rule detecting scans for the new vulns, or
> the older one, or both?  What about SID 2192?
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list