[Snort-sigs] sample for MS04-045

John Johnson jjohn at ...2948...
Tue Jan 4 06:23:32 EST 2005


  Code released Dec 31 to buffer overflow WINS on tcp port
  42 on Win2000 boxes. Although rough, this and the NOP rule
  should flag these. Non-list subscriber, please reply direct.

alert tcp $EXTERNAL_NET any -> $HOME_NET 42 (msg:"WINS EXPLOIT win2000
overflow
attempt"; flow:to_server,established; content:"|90 00 4e 05|";
classtype:attempted-admin;)





More information about the Snort-sigs mailing list