Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft DCOM RPC Worm Alert

From: Patrick Dolan <dolan () cc admin unt edu>
Date: Tue, 12 Aug 2003 10:40:49 -0500
You need to take out those slashes you left in there when you copied it.

On Tuesday 12 August 2003 10:06 am, Robert Reid wrote:

What did I do wrong with this rule? Snort refuses to run it.

Error found at line 1543:
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 \ (msg:"DCE RPC Interface
Buffer Overflow Exploit"; \ content:"|00 5C 00 5C|"; \ content:!"|5C|";
within:32; \ flow:to_server,established; \ reference:bugtraq,8205; rev: 1;)

-----Original Message-----
From: IntegPatchMgr [mailto:IntegPatchMgr () infosys com]
Sent: Tuesday, August 12, 2003 7:18 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Microsoft DCOM RPC Worm Alert

Hi,

You can find snort sign for Microsoft DCOM RPC Worm at

https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pd
f

Regards
Shivabasu






-- 
Patrick Dolan
UNT Information Security

PGP ID: E5571154
Primary key fingerprint: 5681 25E4 6BE6 298E 9CF0  6F8D B13B 2456 E557 1154



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: