[Dshield] Mpack Snort Sigs?

Brian Varine brian.varine at us.army.mil
Tue Jun 19 00:33:41 GMT 2007


There was a pretty good write up in todays handlers diary about Mpack. Has 
anyone written good Snort sigs for this exploit? So far we've put one in to 
flag any downloads of o7.php, any other successful sigs?

http://isc.sans.org/diary.html
http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/11/MPack.pdf




More information about the list mailing list