r.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
- Original Message -----
From: "Dave Killion" <[EMAIL PROTECTED]>
To: "'Joshua Thomas'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 2:48 PM
Subject: RE: [Fu
On Wed, 30 Jul 2003, Joshua Thomas wrote:
> 2) If so, how much activity in "the wild" has anyone seen on their IDS of
> choice for this exploit?
While most of our campus is filtered from netbios, the few hosts that have
exceptions for one reason or another have been attacked on and off since
we a
NetScreen IDP has it in this week's signature update, already out.
When placed in in-line mode and with a rule set to 'drop connection' it
denies the exploit before it reaches into the network.
Sorry for the corporate plug, but someone asked.
I'm not in Support, so I haven't heard from customers
Updated sigs for snort were released today. If you're using oinkmaster,
you can retrieve them that way.
We're not seeing any, but the ports are closed and the IDSes are behind
the firewall, so I wouldn't expect to see any. The various places I
monitor seem to indicate that activity on those port