Can Bro detect some attacks against Microsoft OS vulnerability?

user19 · August 25, 2006, 7:12am

Hello, all.

I have a question about Bro rules.
Does Bro have some rules of detecting attacks against Microsoft OS
vulnerability?

I attempted to attack against MS03-026 vulnerability of Windows_XP_SP1
on the VMware using Dcom attack code.
Though, Bro does not detect this attack.

If you have a lot of infomation relating to these problem, could you
give me advice?

Thank you.

Jean-Philippe_Luigg2 · August 25, 2006, 1:31pm

Hello,

As far i know, "Bro" relies on specific network patterns to detect bad things,
as soon as there's one that match, the IDS will fire up an alarm.

So if "Bro" knows about the DCOM attack, it'll send a notification.

Best regards.

Topic		Replies	Views
About BRO Zeek	2	64	May 6, 2022
Bro alert Zeek	1	55	May 6, 2022
some puzzles about the usage of bro Zeek	2	45	May 6, 2022
bro-dev Digest, Vol 27, Issue 31 Development development	1	166	May 6, 2022
Event signatures Zeek	1	43	May 6, 2022