Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47628@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: DCOM RPC exploit IDS rule?

Updated sigs for snort were released today.  If you're using oinkmaster,
you can retrieve them that way.

We're not seeing any, but the ports are closed and the IDSes are behind
the firewall, so I wouldn't expect to see any.  The various places I
monitor seem to indicate that activity on those ports has picked up, but
it all appears to be manual at this point.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

-----Original Message-----
From: Joshua Thomas [mailto:JThomas@...eronemedia.com] 
Sent: Wednesday, July 30, 2003 3:48 PM
To: 'full-disclosure@...ts.netsys.com'
Subject: [Full-Disclosure] DCOM RPC exploit IDS rule?


Two questions: 
1) Are there IDS rules out for the DCOM RPC exploit yet? 
2) If so, how much activity in "the wild" has anyone seen on their IDS
of choice for this exploit?
