[Snort-sigs] quick rules for new dcom stuff

Jason Haar Jason.Haar at ...651...
Thu Sep 11 08:58:23 EDT 2003

On Thu, 2003-09-11 at 23:42, Johnathan Norman wrote:
> mine pick up the new scans. sid 2192 alerts on the older. All 3 will
> alert using the MS scan tool.

According to the M$ announcement, they say to block ports
135,137,138,139,445 to block this. Are they saying this RPC
vulnerability affects *all* those ports, or is it just ports 135/445 as
before? (I'm assuming their suggestion is just a generalized statement
about blocking M$ networking-related ports).


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-sigs mailing list