[Snort-sigs] Sdbot and Spybot Worm sigs?
rajw at ...2042...
Tue Jul 27 12:28:06 EDT 2004
If I am correct Snort is able to detect these Microsoft Windows
DCOM RPC vulnerability
WEBDAV vulnerability -
LSASS vulnerability -
I have the Spybot and Sdbot worms floating around on a couple of users PC's
and I would like to be able to track it quickly and get the users PC's
patched. I do not see any Snort alerts but I know the worm is out there. Do
I have to reconfigure my snort.conf file (Snort 2.1.3 on Linux) to listen
for the above vulnerabilities?
More information about the Snort-sigs