[Snort-users] iis5 printer isapi filter signatures

Greg Wright greg.wright at ...1968...
Wed May 2 20:20:56 EDT 2001


Assume anyone on Win2KSecAdvice has seen the post from DarkSpyrit with the
CMD shell for .printer issue...

Regards,
Greg

-----Original Message-----
From: Max Vision [mailto:vision at ...4...]
Sent: Thursday, 3 May 2001 7:48 AM
To: arachnids at ...4...; snort-users at lists.sourceforge.net
Subject: [Snort-users] iis5 printer isapi filter signatures


Hello,

A few new signatures for the .printer ISAPI filter bug.  If anyone gets
ahold of a leaked CMD-spawning exploit please forward.  (I don't need it
for my own use, I need it to see what others will use).  Now would
probably be a good time to add the signatures for signs of outgoing shells
"C:\"  and soforth.

These intrusion events yeild usable signatures for use in Snort 1.7, Snort
1.8, Dragon Sensor, DefenseWorx, and Pakemon.

http://whitehats.com/info/IDS533
http://whitehats.com/info/IDS534

Max


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010503/a383f59b/attachment.html>


More information about the Snort-users mailing list