[Snort-sigs] Unknown IIS Issue

Matthew Jonkman matt at ...2436...
Sat Jul 17 18:11:02 EDT 2004

ISC is tracking a potential new IIS ssl exploit. Put up a real quick 
rule to see if it's going around:

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"BLEEDING-EDGE 
THCOWNZIIS IIS SSL Exploit Attempt"; 
7-17; content:"THCOWNZIIS!"; sid:2000559; rev:1;)

It's in the Bleeding Rules now, www.bleedingsnort.com. If anyone knows 
more about it let us know please.



More information about the Snort-sigs mailing list