MS04-011, continued

It seems that "super" exploits are quietly starting to appear.

So, here is a Snort rule for SSLBomb:

alert tcp any any -> $HOME_NET 443 (msg: "SSL Bomb DoS Attempt"; content:"|16 03 00|"; offset:0; depth:3; content:"|01|"; distance:2; within:1; byte_jump:1,37,relative,align; byte_test:2,>,255,0,relative; flow:to_server,established; classtype:attempted-dos; reference:cve,CAN-2004-0120; reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; sid:999999; rev:1;)

Rule 2:

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 ( msg: "handlers - alpha - SSL DoS Short Client Handshake"; content: "|0d06 092a 8648 86f7 0d01 0104 0500 3081|"; depth: 64; content: "|0b30|"; distance: 2; content: "|0355|"; distance: 2; sid: 1090006; rev: 1;)