[Snort-sigs] Snort sig for LSASS Windows vulnerability - Bloodhound.Exploit.8 ??

Rich iso_list at ...144...
Tue Apr 20 07:54:07 EDT 2004


Bloodhound.Exploit.8 has been released.
Symantec has created a notification about the exploit,
available here:
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.8.html

In this notification, under protection strategy, they
say:
NIDS
Intrusion Detection
Look for suspicious RPC traffic over the named pipe
"\pipe\lsarpc". A sudden increase in network traffic
towards this named pipe may indicate that the
vulnerability is being exploited.

Anyone know how to create a rule from this info?




	
		
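The strategy quoted in the post (watch for traffic naming the lsarpc pipe and flag a sudden increase) can be sketched as a per-source rate check. This is an added example, not part of the original post and not a Snort rule; the event tuple format, the window and limit values, and the sample payloads are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Pipe name from the advisory, as it may appear in a payload: ASCII or UTF-16LE.
PIPE = "lsarpc"
NEEDLES = (PIPE.encode("ascii"), PIPE.encode("utf-16-le"))

def references_lsarpc(payload: bytes) -> bool:
    """True if the payload names the lsarpc pipe (case-insensitive)."""
    lowered = payload.lower()  # bytes.lower() only folds ASCII letters
    return any(needle in lowered for needle in NEEDLES)

def find_bursts(events, window=10.0, limit=5):
    """events: time-ordered (timestamp_seconds, src_ip, payload) tuples.

    Returns {src_ip: timestamp} for the first moment a source sent more than
    `limit` lsarpc-referencing payloads within `window` seconds.
    window and limit are assumed values; tune them to the network's baseline.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, payload in events:
        if not references_lsarpc(payload):
            continue
        seen = recent[src]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()  # drop hits that fell out of the sliding window
        if len(seen) > limit and src not in alerts:
            alerts[src] = ts
    return alerts

def sample_events():
    """Constructed stand-ins for captured payloads, not real packets."""
    unicode_open = b"\xffSMB\xa2" + b"\x00" * 8 + "\\lsarpc".encode("utf-16-le")
    ascii_trans = b"\xffSMB\x25" + b"\x00" * 8 + b"\\PIPE\\lsarpc\x00"
    other_pipe = b"\xffSMB\xa2" + b"\x00" * 8 + "\\srvsvc".encode("utf-16-le")
    # Occasional use by one host: two references 30 seconds apart.
    events = [(0.0, "192.0.2.10", unicode_open), (30.0, "192.0.2.10", ascii_trans)]
    # Sudden increase from another host: eight references in four seconds.
    events += [(40.0 + i * 0.5, "192.0.2.66", unicode_open) for i in range(8)]
    # Busy host talking to a different pipe: must not alert.
    events += [(41.0 + i * 0.5, "192.0.2.77", other_pipe) for i in range(8)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for src, ts in find_bursts(sample_events()).items():
        print(f"lsarpc burst from {src} at t={ts}")
```
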



