[Dshield] Microsoft ASN.1

Corinne Cook corinnec at abdi.com
Thu Feb 12 16:38:52 GMT 2004

Does anyone have any thoughts on the following related to possible ASN.1
attacks with this vulnerability:

First, how easy is this to exploit on a client versus a server?  If only
servers are patched and clients are behind firewalls how likely and how
severe could a network full of unpatched clients be?  I know Microsoft said
to patch all machines, but I know people who think this is a server side
issue almost entirely and are not going to patch clients (even remote laptop

Would a home user with no firewall (stand alone, not networked) be easily
infected without some action on their part (like the Blaster infection?)?

I am new to understanding attacks such as these and I'm trying to learn some
programming and theories so I can better understand application level
vulnerabilities and attacks, so I am wondering if there are others here who
understand these better and can explain these a little better.  I know ASN.1
is more of a mother language for networking and not really a language like
C/+/#, etc., but I would assume some of the same rules hold generally true?


Corinne Cook

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Brian Dessent
Sent: Wednesday, February 11, 2004 4:56 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Microsoft ASN.1

Dragos Ruiu wrote:

> David Meltzer had this fine snort signature for it:
> alert tcp any any -> any any (msg:"Possible ASN.1 Exploit Attempt")

Better hope that you have plenty of free space on the mount that
contains your log files, if you use this one...


list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list