List:       dragonidsuser
Subject:    [Dragonidsuser] signature update
From:       Michael Rash <mrash () enterasys ! com>
Date:       2004-09-29 20:35:50
Message-ID: 1096490150.1908.57.camel () isengard ! cipherdyne ! org


Hi all -

The Dragon signature files have been updated and are available through
the live update process.  The main change is the addition of the
COMP:JPEG-OVERFLOW-FTP which will definitely catch the after-effect of a
successful MS04-028 compromise via the virus located at
http://www.easynews.com/virus.html.  Unfortunately the other sigs
designed to directly detect the length encoding problem in .jpg files
(which serves as the entry point for the buffer overflow) simply have
rates of false positives which are too high to include them within our
main sig files.

--Mike

Michael Rash
Security Research Engineer
Enterasys Networks, Inc.
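
As background for the false-positive problem the message mentions, an added example (not part of the original post and not Dragon signature code): the MS04-028 flaw is reached through a JPEG comment (COM, `FF FE`) segment whose length field is below 2, and the sketch compares a pattern-only byte match with a walk of the segment structure. The function names and both samples are constructed for illustration; the page does not say how the Dragon signatures were written.

```python
import struct

# Markers that stand alone (no length field): TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, *range(0xD0, 0xDA)}
SOS, EOI, COM = 0xDA, 0xD9, 0xFE

def naive_match(data: bytes) -> list[int]:
    """Pattern-only check: offsets of FF FE 00 00 / FF FE 00 01 anywhere in the stream."""
    return [i for i in range(len(data) - 3)
            if data[i:i + 4] in (b"\xff\xfe\x00\x00", b"\xff\xfe\x00\x01")]

def undersized_segments(data: bytes) -> list[tuple[int, int, int]]:
    """Walk JPEG marker segments from SOI; return (offset, marker, length) where the
    16-bit length field is < 2 (it counts its own two bytes, so 0 and 1 are invalid)."""
    if data[:2] != b"\xff\xd8":
        return []                      # not a JPEG stream
    findings, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte before a marker
            pos += 1
        elif marker == EOI:
            break
        elif marker in STANDALONE:
            pos += 2
        else:
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                findings.append((pos, marker, length))
                break                  # segment boundaries are unknown past this point
            if marker == SOS:
                break                  # entropy-coded data follows; not walked here
            pos += 2 + length
    return findings

def seg(marker: int, payload: bytes) -> bytes:
    """Build a well-formed segment for the constructed samples below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (not captured traffic). BENIGN carries the bytes FF FE 00 00
# (also the UTF-32LE byte-order mark) inside an APP1 payload; MALFORMED has a COM
# segment with length 0.
BENIGN = (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + b"\xff\xfe\x00\x00h\x00\x00\x00")
          + seg(COM, b"ok") + b"\xff\xd9")
MALFORMED = b"\xff\xd8" + seg(0xE0, b"JFIF\x00") + b"\xff\xfe\x00\x00" + b"A" * 8

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, "pattern hits:", naive_match(sample),
              "structural findings:", undersized_segments(sample))
```

The pattern-only match fires on both samples, while the segment walk reports only the file whose COM length is actually invalid; the walk needs the stream from its SOI marker onward, which a per-packet signature may not have.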
