Snort mailing list archives

Re: IPS does not detect MS12-020 vulnerability via backtrack module


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 26 Nov 2013 20:18:45 +0000

Lukas,

We have this bug assigned out now and are looking into it.


On Nov 26, 2013, at 5:58 AM, Lukas Matt <lukas.matt () sophos com> wrote:

Hey guys,

one of our customers complained about SID 21619 (not readable to me).

If he runs the attack with..
https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse
.. the attack will be blocked, but if he uses Backtrack:
auxiliary/dos/windows/rdp/ms12_020_maxchannelids
... he can pass the rule.

Cheers,
Lukas


--
Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

---
Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
