[Snort-sigs] no references to MS04-011 in 2.1 NetBIOS ruleset?

Jason Haar Jason.Haar at ...651...
Sat May 1 14:33:02 EDT 2004

Hi there

The LSASS exploit SASSER is on the loose, and I went to check if Snort would
detect it. There are several rules for matching MS04-011 in IMAP/HTTP/etc -
but no reference to it in netbios.rules! So I get it's safe to say Snort
can't detect SASSER exploiting  the MS04-011 vuln at the moment?

The CURRENT ruleset does have references, so any idea when they become



Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-sigs mailing list