Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http://www.kb.cert.org/vuls/id/569272 sigs?

From: Greg Herlein <gherlein () herlein com>
Date: Fri, 14 Dec 2001 08:13:41 -0800 (PST)
I'd like to see the actual sploit code so I can develop a rule
and then test it.  Anyone have it?  My usual sources do not...

Greg

On Thu, 13 Dec 2001, Jon Hart wrote:


Good afternoon,

I'm sure most of you have heard of this by now, so I was curious if 
anyone has started working on a possible sig for this bad-boy.  CERT claims
that there is an exploit in the wild, and I've heard from two reliable
sources that machines are being actively targeted as I write this.  In
fact, I know of at least one large group of Solaris machines that have been
comprimised already, so things are a shakin'.  

Thoughts?

-jon


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: