[Snort-users] iis5 printer isapi filter signatures
greg.wright at ...1968...
Wed May 2 20:20:56 EDT 2001
Assume anyone on Win2KSecAdvice has seen the post from DarkSpyrit with the
CMD shell for .printer issue...
From: Max Vision [mailto:vision at ...4...]
Sent: Thursday, 3 May 2001 7:48 AM
To: arachnids at ...4...; snort-users at lists.sourceforge.net
Subject: [Snort-users] iis5 printer isapi filter signatures
A few new signatures for the .printer ISAPI filter bug. If anyone gets
ahold of a leaked CMD-spawning exploit please forward. (I don't need it
for my own use, I need it to see what others will use). Now would
probably be a good time to add the signatures for signs of outgoing shells
"C:\" and soforth.
These intrusion events yeild usable signatures for use in Snort 1.7, Snort
1.8, Dragon Sensor, DefenseWorx, and Pakemon.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users