[Snort-sigs] WEB-FRONTPAGE /_vti_bin/ access rule question to the community
Coen Bakkers, Monitored Security
coen.bakkers at ...1134...
Wed May 26 11:23:09 EDT 2004
In light of my GCIA practical, I am doing a comparative study between Snort 2.0.x and Snort 2.1.3 RC1, I discovered that the WEB-FRONTPAGE /_vti_bin/ access
signature only triggers when the Metasploit Frontpage fp30reg.dll Chunked Encoding exploit is run against Snort 2.1.3RC1, Snort 2.0.x does not detect it although the rule seems to be the same, the rule group is activated as well. Settings seem to be the same in snort.conf.
Does anyone know why, i think it might have to do with some changes of the preprocessors, however I am not sure.
Thanks for your help,
Symantec, Berlin SOC
+49 1805 444 725
More information about the Snort-sigs