Sorry to respond to my own post, but I thought this might be of
interest to the list.
Matt Jonkman, over at Emerging Threats (previously known as Bleeding
Threats) has a 'prototype' SNORT sig for these attacks -- try it
out and provide feedback, if you are so inclined.
http://www.emergingthreats.net/content/view/87/9/
- - ferg