02-14-2004 12:22 PM - edited 03-09-2019 06:25 AM
Using the two variations of the ms04-007 poc code I've found, I created a custom signature to detect the ASN overflow.
string.tcp engine
ports: 135-139,445
regex: \xA1\x05\x23\x03\x03\x01\x07
Works with both variations so far
02-14-2004 01:27 PM
We are in the process of creating an emergency signature update to address this problem. It will hopefully be out sometime this evening. I will post here when the update is ready.
02-15-2004 03:35 AM
Signature S70 is being uploaded to CCO. It should be available shortly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide