[Snort-sigs] Re: Question about bleeding Netsky rule?

James Riden j.riden at ...1766...
Sat Jan 15 16:09:06 EST 2005


Matt Jonkman <matt at ...2436...> writes:

> That's a good point. I wonder if that worm is even out there in enough
> numbers to be worth trying to fix the signature?
>
> Anyone seen it lately? I've not for a good while.

I have, but the LSA/LSASS exploit rules and the 'Korgo.P offering
executable' rules seem to catch it pretty well.

-- 
James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/





