LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-11-2004, 08:27 AM   #1
zuessh
Member
 
Registered: Jun 2002
Location: USA
Distribution: Suse 8.0
Posts: 247

Rep: Reputation: 30
snort rules to vulns not yet published


With these Microsoft vulns not yet fixed

http://www.eeye.com/html/Research/Upcoming/index.html

is there a way for snort to be able to detect them? Although these have been published, it is not safe to say that someone somewhere does not have access to them. Thanks
 
Old 02-12-2004, 02:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
With these Microsoft vulns not yet fixed is there a way for Snort to be able to detect them?
Haven't read about them vulns, but if their methods are not (partially) scanned for (generic BO sigs?) they won't be scanned for. Snort depends on sigs. Someone has got to capture packet dumps, build initial sigs, test them and such.

If there's no usable sploiting to gather nfo from, there wont be any sigs.

Last edited by unSpawn; 02-12-2004 at 02:18 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort, Rules Tredo Linux - Security 1 12-20-2004 12:36 AM
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 09:35 PM
updating snort rules zuessh Linux - Security 2 11-26-2003 01:11 PM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 10:24 PM
Snort configuration/ rules file bripage Linux - General 2 09-26-2002 04:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration