LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-11-2004, 09:27 AM   #1
zuessh
Member
 
Registered: Jun 2002
Location: USA
Distribution: Suse 8.0
Posts: 247

Rep: Reputation: 30
snort rules to vulns not yet published


With these Microsoft vulns not yet fixed

http://www.eeye.com/html/Research/Upcoming/index.html

is there a way for snort to be able to detect them? Although these have been published, it is not safe to say that someone somewhere does not have access to them. Thanks
 
Old 02-12-2004, 03:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
With these Microsoft vulns not yet fixed is there a way for Snort to be able to detect them?
Haven't read about them vulns, but if their methods are not (partially) scanned for (generic BO sigs?) they won't be scanned for. Snort depends on sigs. Someone has got to capture packet dumps, build initial sigs, test them and such.

If there's no usable sploiting to gather nfo from, there wont be any sigs.

Last edited by unSpawn; 02-12-2004 at 03:18 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort, Rules Tredo Linux - Security 1 12-20-2004 01:36 AM
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 10:35 PM
updating snort rules zuessh Linux - Security 2 11-26-2003 02:11 PM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 11:24 PM
Snort configuration/ rules file bripage Linux - General 2 09-26-2002 05:52 AM


All times are GMT -5. The time now is 08:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration