Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] How can i prevent from the MS09-004 and MS08-040 HIRisk ?

From: Joel Esler <jesler () sourcefire com>
Date: Sun, 5 Feb 2012 09:33:41 -0500
Well, these are VRT rules. 

Nessus for the most part simply checks for patch level using local credentials on the system. 

-- 
Joel Esler

On Feb 5, 2012, at 3:56 AM, "M.Turner Turner" <msbzag () gmail com> wrote:



Hi
i use nessuss and report MS09-004 and MS08-040 HIRisk in SQL server.
and i enable and drop action for rules 15127 through 15144 and  13896, 16073 and (so_rules)GID:3 SID:13888-13892 .

but rules don't trig and don't alert .
and i can't prevention of these HiRisk.

How can i prevention from these and what rules i use?

thanks
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

Attachment: smime.p7s
Description: 

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: