Hosting Provided By

[Snort-sigs] snort-rules CURRENT update @ Wed Apr 16 20:16:11 2003

From: <bmc(at)snort.org>
Date: Wed Apr 16 2003 - 20:16:11 EDT

This rule update was brought to you by Oinkmaster. Written by Andreas Östling <andreaso@it.su.se>

[*] Rule modifications: [*]

[///] Modified active: [///]

     file -> netbios.rules
     old: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00|"; distance:1; within:1; content:"|00 00 00 00 00 00 00 00 00 00 00 00|"; distance:5; within:12; content:"|00 14|"; distance:32; within:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:1;)
     new: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00 14|"; offset:60; depth:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:2;)



-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Wed Apr 16 20:52:58 2003

This message: [ Message body ]
Next message: bmc(at)snort.org: "[Snort-sigs] snort-rules STABLE update @ Wed Apr 16 21:16:04 2003"
Previous message: Dirk Mueller: "Re: [Snort-sigs] P2P Question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT