[Snort-sigs] Unknown IIS Issue

Matthew Watchinski mwatchinski at ...435...
Mon Jul 19 14:05:01 EDT 2004


 From reading the ISC reports and looking at the packet payload sid:2515 
already covers this.

Cheers,
-matt

Matthew Jonkman wrote:

> ISC is tracking a potential new IIS ssl exploit. Put up a real quick 
> rule to see if it's going around:
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"BLEEDING-EDGE 
> THCOWNZIIS IIS SSL Exploit Attempt"; 
> reference:url,isc.sans.org/diary.php?date=2004-0
> 7-17; content:"THCOWNZIIS!"; sid:2000559; rev:1;)
>
> It's in the Bleeding Rules now, www.bleedingsnort.com. If anyone knows 
> more about it let us know please.
>
> Thanks
>
> Matt
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>





More information about the Snort-sigs mailing list