1. Is there a signature to detect an HTTP response with a content-type of application/hta in any of the network sensor products?
I've seen several new web servers a week trying to exploit this for the past several months but I can't find a signature for it.
2. I notice there is a signature for the Windows RPC Messenger overflow but I suspect it is for requests going through the mapper on port 135. Can anyone confirm this and/or point out a signature for direct Messenger traffic connections to high UDP ports?
thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
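The check asked about in question 1, written as an added example (not an ISS signature and not part of the original post): a header-only match on the response Content-Type that tolerates case, parameters and folded headers. It assumes an already reassembled, unencrypted response stream; the function names and sample responses are constructed for illustration.

```python
# Added example. Every sample response below is constructed for illustration.
TARGET = "application/hta"

def response_headers(raw: bytes):
    """Yield (lowercased name, value) pairs from a raw HTTP response head."""
    # Keep only the header block; body text must never be matched.
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = head.decode("latin-1").replace("\r\n", "\n").split("\n")
    if not lines[0].upper().startswith("HTTP/"):
        return  # a request or mid-stream data, not a response status line
    unfolded = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()  # obsolete folded header
        else:
            unfolded.append(line)
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep:
            yield name.strip().lower(), value.strip()

def media_types(raw: bytes):
    """Media type of each Content-Type header, parameters stripped."""
    return [value.split(";", 1)[0].strip().lower()
            for name, value in response_headers(raw) if name == "content-type"]

def is_hta_response(raw: bytes) -> bool:
    return TARGET in media_types(raw)

SAMPLES = {  # constructed inputs
    "plain": b"HTTP/1.1 200 OK\r\nContent-Type: application/hta\r\n\r\n<html>",
    "mixed_case_with_param":
        b"HTTP/1.0 200 OK\ncontent-TYPE:  Application/HTA; charset=us-ascii\n\nx",
    "folded": b"HTTP/1.1 200 OK\r\nContent-Type:\r\n application/hta\r\n\r\n",
    "body_mention":
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nContent-Type: application/hta",
    "request": b"POST /a HTTP/1.1\r\nContent-Type: application/hta\r\n\r\n",
}

def flagged(samples=SAMPLES):
    """Names of the samples whose response Content-Type is application/hta."""
    return [name for name, raw in samples.items() if is_hta_response(raw)]

if __name__ == "__main__":
    print(flagged())
```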
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
