TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Excerpt from yesterday's ISS X-Force alert...
- From the Sensor window:
1. Right-click on the sensor and select 'Properties'.
2. Choose a policy you want to use, and click 'Customize'.
3. Select the 'User Defined Events' tab.
4. Click 'Add' on the right hand side of the dialog box.
5. Create a User Defined Event.
6. Type in a name of the event, such as 'Code Red access attempt'.
7. In the 'Context' field for each event, select 'URL_Data'.
In the 'String' field, type the following string:
default\.ida$
8. Click 'Save', and then 'Close'.
9. Click 'Apply to Sensor' or 'Apply to Engine', depending on the
version of RealSecure you are using.
The next X-Press Update for ISS RealSecure Network Sensor will contain a
signature to detect this vulnerability.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sloan, Scott (CIT)
Sent: Monday, July 30, 2001 12:35 PM
To: '[EMAIL PROTECTED]'
Subject: CodeRed Signature
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Does ISS have any RealSecure signatures to detect the CodeRed Worm?
Thanks,
Scott
