Snort mailing list archives
Re: http://www.kb.cert.org/vuls/id/569272 sigs?
From: Greg Herlein <gherlein () herlein com>
Date: Fri, 14 Dec 2001 08:13:41 -0800 (PST)
I'd like to see the actual sploit code so I can develop a rule and then test it. Anyone have it? My usual sources do not... Greg On Thu, 13 Dec 2001, Jon Hart wrote:
Good afternoon, I'm sure most of you have heard of this by now, so I was curious if anyone has started working on a possible sig for this bad-boy. CERT claims that there is an exploit in the wild, and I've heard from two reliable sources that machines are being actively targeted as I write this. In fact, I know of at least one large group of Solaris machines that have been comprimised already, so things are a shakin'. Thoughts? -jon _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http://www.kb.cert.org/vuls/id/569272 sigs? Jon Hart (Dec 13)
- Re: http://www.kb.cert.org/vuls/id/569272 sigs? Greg Herlein (Dec 14)