[Snort-users] a new worm 4 linux - Adore

Max Vision vision at ...4...
Thu Apr 5 08:57:53 EDT 2001


I wrote signatures for the attacks it uses back when the exploits came
out:

http://whitehats.com/info/IDS457  LPRng-redhat7-overflow-security.is
http://whitehats.com/info/IDS442  rpc-statdx-exploit
http://whitehats.com/info/IDS482  named-exploit-infoleak-lsd
http://whitehats.com/info/IDS489  named-exploit-tsig-lsd
http://whitehats.com/info/IDS453  ftp-6350wu-formatstring-check

A few quick words about the "Adore" worm (aka red worm) - it has nothing
to do with the adore kernel module by the same name.  I see this
misinformation popping up in the media already...

Max

On Thu, 5 Apr 2001, andreas wrote:
> have someone a rule for this ?
>
> MfG
> Andreas





More information about the Snort-users mailing list