Probably. TCP is connection-oriented. Blaster must first "connect" on port 135 before it can send the "exploit". If you firewall port 135 or have no machines listening, then Blaster will never connect, and therefore no IDS will pick up the exploit signature. In this case, the only thing the IDS can do is see the failed connections on port 135.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Tan
Sent: Saturday, August 16, 2003 9:59 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Sensor not picking up Blaster worm

Hi....

Even though I have applied XPU 20.19 and have enabled the MSRPC check, my sensor is not picking up the scanning traffic as this signature. Instead, it's being classified as TCP_Service_Sweep on port 135. Is it normal??

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
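The behaviour discussed in this thread, as an added example that is not part of the original messages and is not ISS sensor code: a payload signature can only be evaluated on a flow whose three-way handshake completed and that carried data, so connection attempts to filtered or closed hosts can only be counted as a sweep. The packet tuples, addresses, function name and threshold are constructed assumptions.

```python
from collections import defaultdict

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10
RPC_PORT = 135
SWEEP_THRESHOLD = 3  # assumed: distinct unanswered targets that count as a sweep

# Constructed sample: (src, dst, sport, dport, tcp_flags, payload_len)
PACKETS = [
    # three targets that are filtered or not listening: no handshake
    ("10.0.0.66", "10.0.1.1", 4001, 135, SYN, 0),
    ("10.0.0.66", "10.0.1.2", 4002, 135, SYN, 0),
    ("10.0.1.2", "10.0.0.66", 135, 4002, RST | ACK, 0),
    ("10.0.0.66", "10.0.1.3", 4003, 135, SYN, 0),
    # one target listening: handshake completes, then data is sent
    ("10.0.0.66", "10.0.1.4", 4004, 135, SYN, 0),
    ("10.0.1.4", "10.0.0.66", 135, 4004, SYN | ACK, 0),
    ("10.0.0.66", "10.0.1.4", 4004, 135, ACK, 0),
    ("10.0.0.66", "10.0.1.4", 4004, 135, ACK | PSH, 72),
]

def classify(packets, port=RPC_PORT):
    """Per source: targets that never connected vs. flows with inspectable payload."""
    flows = {}
    for src, dst, sport, dport, flags, plen in packets:
        if dport == port:  # client -> server direction
            f = flows.setdefault((src, dst, sport), {"synack": False, "est": False, "data": 0})
            if flags & ACK and not flags & SYN and f["synack"]:
                f["est"] = True  # final ACK of the handshake (or later segment)
            if f["est"]:
                f["data"] += plen  # only now is there payload to match against
        elif sport == port and flags & SYN and flags & ACK:  # server accepted
            key = (dst, src, dport)
            if key in flows:
                flows[key]["synack"] = True
    report = defaultdict(lambda: {"failed": set(), "inspectable": set()})
    for (client, server, _), f in flows.items():
        kind = "inspectable" if f["est"] and f["data"] else "failed"
        report[client][kind].add(server)
    return {c: {"sweep": len(r["failed"]) >= SWEEP_THRESHOLD,
                "failed": sorted(r["failed"]),
                "inspectable": sorted(r["inspectable"])} for c, r in report.items()}

if __name__ == "__main__":
    print(classify(PACKETS))
```

With only the first four packets (every target filtered or closed), the result contains a sweep and no inspectable flow, which matches the sensor behaviour described in the question.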
