[Snort-sigs] Windows RPC Interface access detect signature set (win-rpc.rules)

kawa kawakawa at ...2530...
Tue Jun 1 21:36:03 EDT 2004

Hi, all.

I made "Windows RPC Interface access detect signature set" with Urity.
http://kawa.smokerz.net/d/file/win-rpc.rules  (v 1.0 2004/06/02)
http://kawa.smokerz.net/d/?200405c&to=200405293#200405293 (Japanese)

- It can detect Windows RPC Inferface access.
- It can detect 43 RPC Interfaces.
- It has 258 (43x6) signatures.
- It can't detect particular attacks.
- If unknown worms are released , it may detect.
- Some signatures may overlap with snort signatures.

If anyone knows other major RPC Interface ID, plz tell me.


kawa / kawakawa [ at ] sa.il24.net
If you send private message to me, include [to-kawa] in subject for
escaping spam.

More information about the Snort-sigs mailing list