[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bro
Subject:    Re: [Bro] Can Bro detect some attacks against Microsoft OS vulnerability?
From:       Jean-Philippe Luiggi <jp.luiggi () free ! fr>
Date:       2006-08-25 13:31:17
Message-ID: 20060825133117.GA19193 () armada ! mynetwork ! local
[Download RAW message or body]

Hello,

As far i know, "Bro" relies on specific network patterns to detect bad things,
as soon as there's one that match, the IDS will fire up an alarm.

So if "Bro" knows about the DCOM attack, it'll send a notification.

Best regards.


On Fri, Aug 25, 2006 at 04:12:07PM +0900, ?$BKLB<!!??0l wrote:
> Hello, all.
> 
> I have a question about Bro rules.
> Does Bro have some rules of detecting attacks against Microsoft OS
> vulnerability?
> 
> I attempted to attack against MS03-026 vulnerability of Windows_XP_SP1
> on the VMware using Dcom attack code.
> Though, Bro does not detect this attack.
> 
> If you have a lot of infomation relating to these problem, could you
> give me advice?
> 
> Thank you.
> 
> _______________________________________________
> Bro mailing list
> bro@bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

[prev in list] [next in list] [prev in thread] [next in thread]