Robert Graham wrote:
--- Gary Flynn <[EMAIL PROTECTED]> wrote:
We've added the signature for the next XPU.1. Is there a signature to detect an HTTP response with a content-type of application/hta in any of the network sensor products?
Unfortunately, the signature will trigger false-positives if somebody is
actually using HTA (HTML applications) within their intranets.
That is OK. I'm interested in implementing it at the Internet border.
2. I notice there is a signature for the Windows RPC Messenger overflow but I suspect it is for requests going through the mapper on port 135. Can anyone confirm this and/or point out a signature for direct Messenger traffic connections to high UDP ports?
We trigger correctly on high ports.
You just made my day. Thanks!
-- Gary Flynn Security Engineer - Technical Services James Madison University
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
