[Snort-sigs] Windows RPC Interface access detect signature set (win-rpc.rules)
kawakawa at ...2530...
Tue Jun 1 21:36:03 EDT 2004
I made "Windows RPC Interface access detect signature set" with Urity.
http://kawa.smokerz.net/d/file/win-rpc.rules (v 1.0 2004/06/02)
- It can detect Windows RPC Inferface access.
- It can detect 43 RPC Interfaces.
- It has 258 (43x6) signatures.
- It can't detect particular attacks.
- If unknown worms are released , it may detect.
- Some signatures may overlap with snort signatures.
If anyone knows other major RPC Interface ID, plz tell me.
kawa / kawakawa [ at ] sa.il24.net
If you send private message to me, include [to-kawa] in subject for
More information about the Snort-sigs