Snort mailing list archives

RE: iis5 printer isapi filter signatures


From: Greg Wright <greg.wright () hunterdigital com au>
Date: Thu, 3 May 2001 10:20:56 +1000

Assume anyone on Win2KSecAdvice has seen the post from DarkSpyrit with the
CMD shell for .printer issue...

Regards,
Greg

-----Original Message-----
From: Max Vision [mailto:vision () whitehats com]
Sent: Thursday, 3 May 2001 7:48 AM
To: arachnids () whitehats com; snort-users () lists sourceforge net
Subject: [Snort-users] iis5 printer isapi filter signatures


Hello,

A few new signatures for the .printer ISAPI filter bug.  If anyone gets
ahold of a leaked CMD-spawning exploit please forward.  (I don't need it
for my own use, I need it to see what others will use).  Now would
probably be a good time to add the signatures for signs of outgoing shells
"C:\" and so forth.

These intrusion events yield usable signatures for use in Snort 1.7, Snort
1.8, Dragon Sensor, DefenseWorx, and Pakemon.

http://whitehats.com/info/IDS533
http://whitehats.com/info/IDS534

Max

