[Snort-sigs] Unknown IIS Worm Sigs
Hoover, James A (EIS, Corp)
James.Hoover at ...2589...
Wed Jul 14 13:12:09 EDT 2004
That's correct. Once we discovered that it was exploiting the IE browser
vuln., we started looking for the IP reported and saw this rule had been
From: Matthew Jonkman [mailto:matt at ...2436...]
Sent: Friday, June 25, 2004 11:15 AM
To: Hoover, James A (EIS, Corp)
Cc: 'Brian'; snort-sigs mailinglist
Subject: Re: [Snort-sigs] Unknown IIS Worm Sigs
Really? That's good news. I hope he is right. I've turned it back on for
my nets. The flood of false's hasn't appeared yet, so maybe it's good now.
That russian site's down now. Did you get hits on it last night?
Hoover, James A (EIS, Corp) wrote:
> I believe Brian is correct on this. I've been able to confirm that this
> rule triggers when visiting the site the was listed on incidents.org
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If
you are not the intended recipient, please notify the sender
immediately by return email and delete this communication and destroy all copies.
More information about the Snort-sigs