[Snort-sigs] IPS does not detect MS12-020 vulnerability via backtrack module

Lukas Matt lukas.matt at ...525...
Tue Nov 26 05:58:02 EST 2013


Hey guys,

one of our customer complained about SID 21619 (not readable to me).

If he runs the attack with..

    https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse

.. the attack will be blocked, but if he uses Backtrack:

    auxiliary/dos/windows/rdp/ms12_020_maxchannelids

... he can pass the rule.

Cheers,
Lukas

-- 
Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

---
Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20131126/263b6a38/attachment.html>


More information about the Snort-sigs mailing list