Snort mailing list archives
Re: sadmind rule
From: Andrew Daviel <andrew () andrew triumf ca>
Date: Wed, 9 May 2001 12:48:53 -0700 (PDT)
On Wed, 9 May 2001, Max Vision wrote:
The NT/IIS attacks will be seen by IDS433: http://whitehats.com/info/IDS433 (http-iis-unicode-traversal-optyx)
Not if the HTTP preprocessor is enabled - which for me gives way too many "spp_http_decode: IIS Unicode attack detected " to believe. The IDS433 rule doesn't seem to be in the ruleset I was running (Jan 18 2001 probably) or in the "current" 1.7 snortrules.tar.gz" I just downloaded. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 security () triumf ca _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sadmind rule Andrew Daviel (May 09)
- Re: sadmind rule Max Vision (May 09)
- Re: sadmind rule Andrew Daviel (May 09)
- Re: sadmind rule Andreas Östling (May 09)
- Re: sadmind rule Andrew Daviel (May 09)
- Re: sadmind rule Andreas Östling (May 09)
- Re: sadmind rule Chris Green (May 09)
- <Possible follow-ups>
- RE: SadMind rule Steve Halligan (May 09)
- snortsnarf Aaron McKinnon (May 09)
- Re: sadmind rule Polar Bear (May 09)
- Re: sadmind rule Max Vision (May 09)