Szczególy klastra: [WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)

Nazwa:	[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)
Data:	2008-12-16 20:31:35
Poziom klasyfikacji:	Attack
Rdzeń:	[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)
Porty:	135/TCP
Unikalnych źródeł:	92
Rozmiar sygnatury:	380
Sygnatura klastra:
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-\ 2003-0352, MS03-026)"; flow:to_server,established; content:"|90 90 90 90 90 90 90 90 90 90 90 90 90 \ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 9\ 0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 eb\ 02 eb 05 e8 f9 ff ff ff|[1|c9 b1 d8 80|s|0c 13|C|e2 f9| |d3|w|10|S#k|1f 98|S|1f 98|c|0f be 98|S|1b \ f8 1a 98|S'|9e|So|98|S/|98 c3 10|S/|98 d9 10|[k|98|R3|98 c9 10|J|0f| |ec| |e5|DD|98 d9 10 1f 03 92|j\ |19|v``Rf|11 98| |92|j|10|gG{af|11 98|(|90 d3 17 90 d0 17 96 e5|g|c8 96 ec|g|c4 10 e1 10 e9|D|fb|2|1\ 3 13 13|gugc=vkv3>z3#=#=#=#3tvg3"; content:"=vkv|13|y|13 fb 0c 13 13 13|f|12 d0 fb 1a 13 13 13|"; co\ ntent:"=vkv|13|y|13 fb 14 13 13 13 1c 97 f6 ec ec ec d0|KHNC|90 ff|G |d3 98 ef 9e|[S|98 c4 e0 b9 a3|\ W|b8|DABBy\;y|12|BBF@|ec c5 90 d7|G|96 d3 d0|\\|00|C|00|$|00|\\|00|1|00|2|00|3|00|4|00|5|00|6|00|1|0\ 0|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|.|00|d|00|o|00|c|00 00 00 01\ 10 08 00 cc cc cc cc|";)