[Snort-users] iis5 printer isapi filter signatures

Greg Wright greg.wright at ...1968...
Wed May 2 20:20:56 EDT 2001

Assume anyone on Win2KSecAdvice has seen the post from DarkSpyrit with the
CMD shell for .printer issue...


-----Original Message-----
From: Max Vision [mailto:vision at ...4...]
Sent: Thursday, 3 May 2001 7:48 AM
To: arachnids at ...4...; snort-users at lists.sourceforge.net
Subject: [Snort-users] iis5 printer isapi filter signatures


A few new signatures for the .printer ISAPI filter bug.  If anyone gets
ahold of a leaked CMD-spawning exploit please forward.  (I don't need it
for my own use, I need it to see what others will use).  Now would
probably be a good time to add the signatures for signs of outgoing shells
"C:\"  and soforth.

These intrusion events yeild usable signatures for use in Snort 1.7, Snort
1.8, Dragon Sensor, DefenseWorx, and Pakemon.



Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010503/a383f59b/attachment.html>

More information about the Snort-users mailing list