[Bro] Can Bro detect some attacks against Microsoft OS vulnerability?

Jean-Philippe Luiggi jp.luiggi at free.fr
Fri Aug 25 06:31:17 PDT 2006


Hello,

As far as I know, "Bro" relies on specific network patterns to detect bad things;
as soon as there's one that matches, the IDS will fire up an alarm.

So if "Bro" knows about the DCOM attack, it'll send a notification.

Best regards.


On Fri, Aug 25, 2006 at 04:12:07PM +0900, ?$BKLB<!!??0l wrote:
> Hello, all.
> 
> I have a question about Bro rules.
> Does Bro have some rules for detecting attacks against Microsoft OS
> vulnerabilities?
> 
> I attempted an attack against the MS03-026 vulnerability of Windows_XP_SP1
> on the VMware using Dcom attack code.
> Though, Bro does not detect this attack.
> 
> If you have a lot of information relating to this problem, could you
> give me advice?
> 
> Thank you.
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


