[Snort-sigs] Unknown IIS Worm Sigs

Hoover, James A (EIS, Corp) James.Hoover at ...2589...
Wed Jul 14 13:12:09 EDT 2004


That's correct.  Once we discovered that it was exploiting the IE browser
vuln., we started looking for the IP reported and saw this rule had been
triggered.


-----Original Message-----
From: Matthew Jonkman [mailto:matt at ...2436...]
Sent: Friday, June 25, 2004 11:15 AM
To: Hoover, James A (EIS, Corp)
Cc: 'Brian'; snort-sigs mailinglist
Subject: Re: [Snort-sigs] Unknown IIS Worm Sigs


Really? That's good news. I hope he is right. I've turned it back on for 
my nets. The flood of false's hasn't appeared yet, so maybe it's good now.

That russian site's down now. Did you get hits on it last night?

Thanks

Matt

Hoover, James A (EIS, Corp) wrote:

> I believe Brian is correct on this.  I've been able to confirm that this
> rule triggers when visiting the site the was listed on incidents.org
> 217.107.218.147.  
> 


This communication, including attachments, is for the exclusive use of 
addressee and may contain proprietary, confidential or privileged 
information. If you are not the intended recipient, any use, copying, 
disclosure, dissemination or distribution is strictly prohibited. If 
you are not the intended recipient, please notify the sender 
immediately by return email and delete this communication and destroy all copies.





More information about the Snort-sigs mailing list