Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [ISSForum] Signature availability questions
From: Gary Flynn (flynngnjmu.edu)
Date: Wed Jan 14 2004 - 17:46:31 CST
Robert Graham wrote:
> --- Gary Flynn <flynngnjmu.edu> wrote:
>>1. Is there a signature to detect an HTTP response with a
>> content-type of application/hta in any of the network
>> sensor products?
> We've added the signature for the next XPU.
> Unfortunately, the signature will trigger false-positives if somebody is
> actually using HTA (HTML applications) within their intranets.
That is OK. I'm interested in implementing it at the Internet
>>2. I notice there is a signature for the Windows RPC Messenger
>> overflow but I suspect it is for requests going through the
>> mapper on port 135. Can anyone confirm this and/or point out
>> a signature for direct Messenger traffic connections to high
>> UDP ports?
> We trigger correctly on high ports.
You just made my day. Thanks!
Security Engineer - Technical Services
James Madison University
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo