LinuxQuestions.org


zuessh 02-11-2004 08:27 AM

snort rules to vulns not yet published
 
With these Microsoft vulns not yet fixed

http://www.eeye.com/html/Research/Upcoming/index.html

is there a way for snort to be able to detect them? Although these have been published, it is not safe to say that someone somewhere does not have access to them. Thanks

unSpawn 02-12-2004 02:17 PM

With these Microsoft vulns not yet fixed is there a way for Snort to be able to detect them?
Haven't read about them vulns, but if their methods are not (partially) scanned for (generic BO sigs?) they won't be scanned for. Snort depends on sigs. Someone has got to capture packet dumps, build initial sigs, test them and such.

If there's no usable sploiting to gather nfo from, there won't be any sigs.


All times are GMT -5.