References
https://nvd.nist.gov/vuln/detail/CVE-2001-0540
https://nvd.nist.gov/vuln/detail/CVE-2001-0663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0663
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-040
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-052
https://vuldb.com/?id.17567
https://vuldb.com/?id.17655
Snort 1448 / 1447
https://www.snort.org/rule_docs/1-1448
https://www.snort.org/rule-docs/1-1447
https://github.com/eldondev/Snort/blob/master/rules/misc.rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"MISC MS Terminal server request"; flow:to_server,established; content:"|03 00 00|"; depth:3; content:"|E0 00 00 00 00 00|"; depth:6; offset:5; reference:bugtraq,3099; reference:cve,2001-0540; reference:url,www.microsoft.com/technet/security/bulletin/MS01-040.mspx; classtype:protocol-command-decode; sid:1448; rev:12;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"MISC MS Terminal server request RDP"; flow:to_server,established; content:"|03 00 00 0B 06 E0 00 00 00 00 00|"; depth:11; reference:bugtraq,3099; reference:cve,2001-0540; classtype:protocol-command-decode; sid:1447; rev:11;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"GPL POLICY MS Remote Desktop Request RDP"; flow:to_server,established; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; reference:bugtraq,3099; reference:cve,2001-0540; reference:url,www.microsoft.com/technet/security/bulletin/MS01-040.mspx; classtype:protocol-command-decode; sid:2101447; rev:14; metadata:created_at 2010_09_23, updated_at 2010_09_23;)