[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Signature availability questions

I'm not sure this is the right place for this but:

1. Is there a signature to detect an HTTP response with a
   content-type of application/hta in any of the network
   sensor products?

   I've seen several new web servers a week trying to exploit
   this for the past several months but I can't find a signature
   for it.

2. I notice there is a signature for the Windows RPC Messenger
   overflow but I suspect it is for requests going through the
   mapper on port 135. Can anyone confirm this and/or point out
   a signature for direct Messenger traffic connections to high
   UDP ports?


Gary Flynn
Security Engineer - Technical Services
James Madison University

ISSForum mailing list

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo