Updated sigs for snort were released today. If you're using oinkmaster, you can retrieve them that way.
We're not seeing any, but the ports are closed and the IDSes are behind the firewall, so I wouldn't expect to see any. The various places I monitor seem to indicate that activity on those ports has picked up, but it all appears to be manual at this point. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ -----Original Message----- From: Joshua Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 3:48 PM To: '[EMAIL PROTECTED]' Subject: [Full-Disclosure] DCOM RPC exploit IDS rule? Two questions: 1) Are there IDS rules out for the DCOM RPC exploit yet? 2) If so, how much activity in "the wild" has anyone seen on their IDS of choice for this exploit? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html