Hosting Provided By

Re: [Snort-sigs] tftp rules classtypes confusing

From: Chris Green <cmg(at)sourcefire.com>
Date: Thu Apr 10 2003 - 09:27:08 EDT

"Miller, Eoin" <Miller@fhlb-of.com> writes:

> now what seems to be odd is that the classtype is

The direction the rule was originally written for was as a way to detect with snort when people successfuly compromised machine where tftp is one of the common upload mechanisms for toolsets.

-- 
Chris Green 
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Thu Apr 10 10:01:13 2003

This message: [ Message body ]
Next message: Alberto Gonzalez: "[Snort-sigs] netric/eSDee dhcpd exploit rule."
Previous message: Joerg Weber: "[Snort-sigs] Possible rule for samba-2.2.XX exploit"
In reply to Miller, Eoin: "[Snort-sigs] tftp rules classtypes confusing"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT