I just had a discussion with RealSecure Tech support on this one about 10 days ago. We began to see SQL_SSRP_BO about 15 days ago. Since this was a UDP-based attack, RSKILL is not possible. Is there some way to set up a response for SQL_SSRP_BO so that the attacking host is banned?
Bill...

-----Original Message-----
From: Rouland, Chris (ISSAtlanta) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 26, 2003 2:28 PM
To: Christopher Lyon; [EMAIL PROTECTED]
Subject: RE: [ISSForum] SQL Slammer

Christopher,

The RealSecure network sensor signature that shipped in RealSecure XPUs 20.4/5.3 on 9/17/02 which detects the exploit being used by the SQL Slammer worm is named SQL_SSRP_StackBo.

-Chris

-----Original Message-----
From: Christopher Lyon [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 26, 2003 4:37 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] SQL Slammer

According to ISS' home page the sensors can detect this as of September 2002. I did a search for it on the signature base that I have but can't seem to find it. I tried both Slammer and SQLExp. Does it use a different name?

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
