[Bro] Can Bro detect some attacks against Microsoft OS vulnerability?

Jean-Philippe Luiggi jp.luiggi at free.fr
Fri Aug 25 06:31:17 PDT 2006


As far i know, "Bro" relies on specific network patterns to detect bad things,
as soon as there's one that match, the IDS will fire up an alarm.

So if "Bro" knows about the DCOM attack, it'll send a notification.

Best regards.

On Fri, Aug 25, 2006 at 04:12:07PM +0900, ?$BKLB<!!??0l wrote:
> Hello, all.
> I have a question about Bro rules.
> Does Bro have some rules of detecting attacks against Microsoft OS
> vulnerability?
> I attempted to attack against MS03-026 vulnerability of Windows_XP_SP1
> on the VMware using Dcom attack code.
> Though, Bro does not detect this attack.
> If you have a lot of infomation relating to these problem, could you
> give me advice?
> Thank you.
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list