|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [Snort-sigs] New SMB_COM_TRANSACTION alerts look pretty "broken"
From: Brian <bmc(at)snort.org>
Date: Fri Apr 11 2003 - 02:48:10 EDT
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Apr 11 03:27:13 2003
Date: Fri Apr 11 2003 - 02:48:10 EDT
Hrpmf. Do me a favor and try:
alert tcp any any -> any 139 (msg:"NETBIOS SMB SMB_COM_TRANSACTION Max Parameter of 0 DOS Attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|FF 53 4D 42 25|"; offset:4; depth:5; content:"|00 00 00 00|"; offset:43; depth:4;)
-brian
On Mon, Apr 07, 2003 at 10:00:45AM +1200, Jason Haar wrote:
> ...I say that because the moment I told Snort to alert on them, it triggered
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Apr 11 03:27:13 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |