[Snort-sigs] Snort sig for LSASS Windows vulnerability - Bloodhound.Exploit.8 ??

Rich iso_list at ...144...
Tue Apr 20 07:54:07 EDT 2004

Bloodhound.Exploit.8 has been released.
Symanted has created a notification about the exploit
available here;

In this notification, under protection strategy they
Intrusion Detection
Look for suspicious RPC traffic over the named pipe
"\pipe\lsarpc". A sudden increase in network traffic
towards this named pipe may indicate that the
vulnerability is being exploited.

Anyone know how to create a rule from this info?

Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢

More information about the Snort-sigs mailing list