[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ISSForum] Signature availability questions
Robert Graham wrote:
--- Gary Flynn <flynngn@xxxxxxx> wrote:
We've added the signature for the next XPU.
1. Is there a signature to detect an HTTP response with a
content-type of application/hta in any of the network
Unfortunately, the signature will trigger false-positives if somebody is
actually using HTA (HTML applications) within their intranets.
That is OK. I'm interested in implementing it at the Internet
2. I notice there is a signature for the Windows RPC Messenger
overflow but I suspect it is for requests going through the
mapper on port 135. Can anyone confirm this and/or point out
a signature for direct Messenger traffic connections to high
We trigger correctly on high ports.
You just made my day. Thanks!
Security Engineer - Technical Services
James Madison University
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo