ARAKIS

NSNORT Details

Date:

2012-05-16 01:32:02

Message:

New bleeding snort events, not seen this week:

Name:       ET EXPLOIT Symantec Remote Management RTVScan Exploit

Class:      attempted-admin

References: 
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3455
            http://doc.emergingthreats.net/bin/view/Main/2003250
            http://research.eeye.com/html/advisories/published/AD20060612.html
            http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Symantec

The NSNORT alarm signals snort rules that have been triggered for the first time in a week. This may be an indicator of a fairly new attack, that has already been recognized by someone who coded the rule.