Snort Report 22 Posted

My 22nd Snort Report titled Snort vs. Microsoft Security Bulletin MS08-068 has been posted. From the article:

Welcome to the 22nd edition of the Snort Report! On Nov. 11, 2008, Microsoft published Microsoft Security Bulletin MS08-068 -- Important Vulnerability in SMB Could Allow Remote Code Execution (957097). Server Message Block (SMB) is an old and integral aspect of Microsoft Windows file sharing and related functions...

I continue by describing how Snort's rule set dealt with this super-old vulnerability.

Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.


Anonymous said…
Good article Richard... Could you upload smbrelay.2.pcap to OpenPacket?

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics