EditAttachPrintable
r1 - 18 May 2008 - 23:52:13 - TWikiGuestYou are here: TWiki >  Main Web > 2000032

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT LSA exploit"; flow: to_server,established; content:"|313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131|"; offset: 78; depth: 192; classtype: misc-activity; reference:url,www.eeye.com/html/research/advisories/AD20040501.html; reference:url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html; sid: 2000032; rev:8;)

Added 2008-05-18 19:52:13 UTC

 

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT LSA exploit"; flow: to_server,established; content:"|313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131|"; offset: 78; depth: 192; classtype: misc-activity; reference:url,www.eeye.com/html/research/advisories/AD20040501.html; reference:url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html; sid: 2000032; rev:8;)

Added 2008-05-18 19:52:13 UTC

alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT LSA exploit"; flow: to_server,established; content:"|313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131|"; offset: 78; depth: 192; classtype: misc-activity; reference:url,www.eeye.com/html/research/advisories/AD20040501.html; reference:url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html; sid: 2000032; rev:7;)

Added 2008-01-25 10:56:38 UTC

alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT LSA exploit"; flow: to_server,established; content:"|313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131|"; offset: 78; depth: 192; classtype: misc-activity; reference:url,www.eeye.com/html/research/advisories/AD20040501.html; reference:url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html; sid: 2000032; rev:7;)

Added 2008-01-25 10:56:38 UTC

alert tcp any any -> $HOME_NET 445 (msg: "BLEEDING-EDGE EXPLOIT LSA exploit"; flow: to_server,established; content:"|313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131|"; offset: 78; depth: 192; classtype: misc-activity; reference:url,www.eeye.com/html/research/advisories/AD20040501.html; reference:url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html; sid: 2000032; rev:6; )

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback