TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Yes, but not in a x-press update yet.
ISS RealSecure intrusion detection customers may use the following
user-defined signature to detect access attempts by the Code Red worm.
Follow the instructions below to apply the user-defined signature to your
policy.
>From the Sensor window:
1. Right-click on the sensor and select 'Properties'.
2. Choose a policy you want to use, and click 'Customize'.
3. Select the 'User Defined Events' tab.
4. Click 'Add' on the right hand side of the dialog box.
5. Create a User Defined Event.
6. Type in a name of the event, such as 'Code Red access attempt'. 7. In the
'Context' field for each event, select 'URL_Data'.
In the 'String' field, type the following string:
default\.ida$
8. Click 'Save', and then 'Close'.
9. Click 'Apply to Sensor' or 'Apply to Engine', depending on the
version of RealSecure you are using.
The next X-Press Update for ISS RealSecure Network Sensor will contain a
signature to detect this vulnerability.
NetworkICE provides an update for BlackICE products to detect the ISAPI
Extension Overflow vulnerability (issue ID 2002608). Refer to the following
URL for information regarding the detection and auto-blocking capabilities
for this attack:
http://www.networkice.com/downloads/agent_detection_update.html
> -----Original Message-----
> From: Sloan, Scott (CIT) [mailto:[EMAIL PROTECTED]]
> Sent: den 30 juli 2001 18:35
> To: '[EMAIL PROTECTED]'
> Subject: CodeRed Signature
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to [EMAIL PROTECTED] Contact
> [EMAIL PROTECTED] for help with any problems!
> --------------------------------------------------------------
> --------------
>
> Does ISS have any RealSecure signatures to detect the CodeRed Worm?
>
> Thanks,
> Scott
>
>
