[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Wed Jan 5 18:01:20 EST 2005


[***] Results from Oinkmaster started Wed Jan  5 21:00:03 2005 [***]

[---]         Removed rules:         [---]

     -> Removed from bleeding-exploit.rules (1):
        alert tcp any any -> $HOME_NET 42 (msg:"BLEEDING-EDGE Exploit WINS EXPLOIT win2000 overflow attempt"; flow:to_server,established; content:"|90 00 4e 05|"; classtype:attempted-admin; sid:2001639; rev:1;)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-exploit.rules (1):
        #From John Johnson re MS04-045. Changed source to any to catch internal attacks which might be more likely with this sig

     -> Removed from bleeding-sid-msg.map (1):
        2001639 || BLEEDING-EDGE Exploit WINS EXPLOIT win2000 overflow attempt

[*] Added files: [*]
    None.





More information about the Snort-sigs mailing list