[Snort-sigs] Snort sig for LSASS Windows vulnerability - Bloodhound.Exploit.8 ??
iso_list at ...144...
Tue Apr 20 07:54:07 EDT 2004
Bloodhound.Exploit.8 has been released.
Symanted has created a notification about the exploit
In this notification, under protection strategy they
Look for suspicious RPC traffic over the named pipe
"\pipe\lsarpc". A sudden increase in network traffic
towards this named pipe may indicate that the
vulnerability is being exploited.
Anyone know how to create a rule from this info?
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
More information about the Snort-sigs