Hosting Provided By

[Snort-sigs] snort-rules STABLE update @ Mon Apr 7 13:41:13 2003

From: <bmc(at)snort.org>
Date: Mon Apr 07 2003 - 13:52:31 EDT

This rule update was brought to you by Oinkmaster. Written by Andreas Östling <andreaso@it.su.se>

[*] Rule modifications: [*]

[+++] Added: [+++]

     file -> netbios.rules
     alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00 14|"; offset:60; depth:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:2;)



-------------------------------------------------------

This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Mon Apr 7 14:31:52 2003

This message: [ Message body ]
Next message: John Hally: "RE: [Snort-sigs] Demande d'aide"
Previous message: bmc(at)snort.org: "[Snort-sigs] snort-rules CURRENT update @ Mon Apr 7 13:41:13 2003"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT