AW: [Snort-sigs] Rule for the newest DCOM vulnerability?

Sean Wheeler s.wheeler at ...944...
Thu Sep 11 11:40:24 EDT 2003


Thanks for the early rules!
Much appreciate your effort to get something posted to this list asap as
it's a lot better than sitting in the dark having nothing.
Considering the list is here to discuss and help each other, your effort is
much appreciated.

regards
Sean

-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Eric Hines
Sent: Thursday, September 11, 2003 05:40
To: 'Compton, Rich'; snort-sigs at lists.sourceforge.net
Subject: RE: [Snort-sigs] Rule for the newest DCOM vulnerability?


You would be making the assumption that any upcoming worms or exploits
will be using the same exploit that eEye's Retina uses or at least
making the bet that they've based it on Retina which isn't the safest
bet to make.

Regards,

Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
"Browserless Snort Management is Here"


-----Original Message-----
From: Compton, Rich [mailto:RCompton at ...1352...]
Sent: Wednesday, September 10, 2003 10:03 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Rule for the newest DCOM vulnerability?


Anyone have a new rule for the newest Microsoft DCOM vulnerability
(http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp)
that eEye just discovered
(http://www.eeye.com/html/Research/Advisories/AD20030910.html)?

Someone on another list suggested running eEye's Retina scanner checking
for that vulnerability and sniffing for the traffic.  Anybody know if
that would work?

-Rich Compton


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs



