Full Disclosure mailing list archives
RE: DCOM RPC exploit IDS rule?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 30 Jul 2003 16:32:55 -0500
Updated sigs for snort were released today. If you're using oinkmaster, you can retrieve them that way. We're not seeing any, but the ports are closed and the IDSes are behind the firewall, so I wouldn't expect to see any. The various places I monitor seem to indicate that activity on those ports has picked up, but it all appears to be manual at this point. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ -----Original Message----- From: Joshua Thomas [mailto:JThomas () poweronemedia com] Sent: Wednesday, July 30, 2003 3:48 PM To: 'full-disclosure () lists netsys com' Subject: [Full-disclosure] DCOM RPC exploit IDS rule? Two questions: 1) Are there IDS rules out for the DCOM RPC exploit yet? 2) If so, how much activity in "the wild" has anyone seen on their IDS of choice for this exploit? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM RPC exploit IDS rule? Joshua Thomas (Jul 30)
- Re: DCOM RPC exploit IDS rule? Jordan Wiens (Jul 31)
- <Possible follow-ups>
- RE: DCOM RPC exploit IDS rule? Schmehl, Paul L (Jul 30)
- RE: DCOM RPC exploit IDS rule? Dave Killion (Jul 30)