My 22nd Snort Report titled Snort vs. Microsoft Security Bulletin MS08-068 has been posted. From the article:
Welcome to the 22nd edition of the Snort Report! On Nov. 11, 2008, Microsoft published Microsoft Security Bulletin MS08-068 -- Important Vulnerability in SMB Could Allow Remote Code Execution (957097). Server Message Block (SMB) is an old and integral aspect of Microsoft Windows file sharing and related functions...
I continue by describing how Snort's rule set dealt with this super-old vulnerability.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.