[Snort-sigs] IPS does not detect MS12-020 vulnerability via backtrack module

Lukas Matt lukas.matt at ...525...
Tue Nov 26 05:58:02 EST 2013

Hey guys,

one of our customer complained about SID 21619 (not readable to me).

If he runs the attack with..


.. the attack will be blocked, but if he uses Backtrack:


... he can pass the rule.


Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20131126/263b6a38/attachment.html>

More information about the Snort-sigs mailing list