|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISSForum] Signature availability questions
From: Gary Flynn (flynngn
jmu.edu)
Date: Mon Jan 12 2004 - 21:54:00 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm not sure this is the right place for this but:
1. Is there a signature to detect an HTTP response with a
content-type of application/hta in any of the network
sensor products?
I've seen several new web servers a week trying to exploit
this for the past several months but I can't find a signature
for it.
2. I notice there is a signature for the Windows RPC Messenger
overflow but I suspect it is for requests going through the
mapper on port 135. Can anyone confirm this and/or point out
a signature for direct Messenger traffic connections to high
UDP ports?
thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]