snort rules to vulns not yet published
With these Microsoft vulns not yet fixed
http://www.eeye.com/html/Research/Upcoming/index.html is there a way for Snort to be able to detect them? Although these have been published, it is not safe to say that someone somewhere does not have access to them. Thanks
With these Microsoft vulns not yet fixed is there a way for Snort to be able to detect them?
Haven't read about them vulns, but if their methods are not (partially) scanned for (generic BO sigs?) they won't be scanned for. Snort depends on sigs. Someone has got to capture packet dumps, build initial sigs, test them and such. If there's no usable sploiting to gather nfo from, there won't be any sigs.