Snort mailing list archives
RE: iis5 printer isapi filter signatures
From: Greg Wright <greg.wright () hunterdigital com au>
Date: Thu, 3 May 2001 10:20:56 +1000
Assume anyone on Win2KSecAdvice has seen the post from DarkSpyrit with the CMD shell for .printer issue... Regards, Greg -----Original Message----- From: Max Vision [mailto:vision () whitehats com] Sent: Thursday, 3 May 2001 7:48 AM To: arachnids () whitehats com; snort-users () lists sourceforge net Subject: [Snort-users] iis5 printer isapi filter signatures Hello, A few new signatures for the .printer ISAPI filter bug. If anyone gets ahold of a leaked CMD-spawning exploit please forward. (I don't need it for my own use, I need it to see what others will use). Now would probably be a good time to add the signatures for signs of outgoing shells "C:\" and soforth. These intrusion events yeild usable signatures for use in Snort 1.7, Snort 1.8, Dragon Sensor, DefenseWorx, and Pakemon. http://whitehats.com/info/IDS533 http://whitehats.com/info/IDS534 Max _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- iis5 printer isapi filter signatures Max Vision (May 02)
- <Possible follow-ups>
- RE: iis5 printer isapi filter signatures Greg Wright (May 02)