[Snort-sigs] Sdbot and Spybot Worm sigs?

Raj Wurttemberg rajw at ...2042...
Tue Jul 27 12:28:06 EDT 2004


If I am correct Snort is able to detect these Microsoft Windows
vulnerabilities:

DCOM RPC vulnerability
-http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx

WEBDAV vulnerability -
http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

LSASS vulnerability -
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx 

I have the Spybot and Sdbot worms floating around on a couple of users PC's
and I would like to be able to track it quickly and get the users PC's
patched. I do not see any Snort alerts but I know the worm is out there. Do
I have to reconfigure my snort.conf file (Snort 2.1.3 on Linux) to listen
for the above vulnerabilities?

Thanks,
/*Raj*/





More information about the Snort-sigs mailing list