[Snort-sigs] SID 2492 - Question

Michael Sconzo msconzo at ...1371...
Mon Aug 16 09:33:03 EDT 2004


It appears to be looking for bind attemps on port 139 (same with SID: 2493).
And SID 2491 looks for bind attempts on port 445, yet they activate the SIDS
2351 and 2352 (which both look for traffic on port 135).

So, am I understanding it right, that first the worm/exploit/whatever
will attempt to 'bind' to port 139 or 445, then send the exploit
over port 135?


The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37

More information about the Snort-sigs mailing list