With these Microsoft vulns not yet fixed is there a way for Snort to be able to detect them?
Haven't read about them vulns, but if their methods are not (partially) scanned for (generic BO sigs?) they won't be scanned for. Snort depends on sigs. Someone has got to capture packet dumps, build initial sigs, test them and such.
If there's no usable sploiting to gather nfo from, there wont be any sigs.
Last edited by unSpawn; 02-12-2004 at 02:18 PM.
|