[Snort-sigs] Re: Question about bleeding Netsky rule?
j.riden at ...1766...
Sat Jan 15 16:09:06 EST 2005
Matt Jonkman <matt at ...2436...> writes:
> That's a good point. I wonder if that worm is even out there in enough
> numbers to be worth trying to fix the signature?
> Anyone seen it lately? I've not for a good while.
I have, but the LSA/LSASS exploit rules and the 'Korgo.P offering
executable' rules seem to catch it pretty well.
James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
More information about the Snort-sigs