List: snort-sigs
Subject: [Snort-sigs] telnetd exploit signature issue
From: Keith Pachulski <Keith.Pachulski () corp ! ptd ! net>
Date: 2001-07-25 19:20:23
When testing the signature against a noted vulnerable version of *BSD, the
"content" differed from the content in the sig posted on the Snort website.
Below is the Snort sig and the edited sig with the differing content.
#alert tcp $HOME_NET 23 -> any any (flags: A+; content: "|0D0A|[Yes]|0D0A FFFE 08FF FD26|"; msg: "TESO *BSD Telnet exploit query response";)
alert tcp $HOME_NET 23 -> any any (flags: A+; content: "|0D0A FFFE 08FF FE26|"; msg: "re-edit of TESO *BSD Telnet exploit query response";)
07/25-12:18:43.518207 x.x.x.1:23 -> x.x.x.54:4274
TCP TTL:64 TOS:0x0 ID:58530 IpLen:20 DgmLen:90 DF
***AP*** Seq: 0x39EFAC5D Ack: 0x398B6EDC Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1251212454 16932189
<snip>
70 74 64 2E 6E 65 74 20 3A 20 79 65 73 5D 0D 0A ptd.net : yes]..
FF FE 08 FF FE 26 .....&
</snip>
-Keith
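
Added example, not part of the original message: a Python check of both content strings from the rules above against the payload bytes visible in the capture, plus a decode of the Telnet option negotiation each one contains. The helper names are hypothetical, and PAYLOAD holds only the bytes shown between the snip markers.

```python
import re

# Content options copied from the two rules in the message.
ORIGINAL = "|0D0A|[Yes]|0D0A FFFE 08FF FD26|"
EDITED = "|0D0A FFFE 08FF FE26|"

# Payload bytes as shown in the capture (the rest of the packet was snipped).
PAYLOAD = bytes.fromhex("7074642E6E6574203A207965735D0D0A" "FFFE08FFFE26")

TELNET_CMD = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}


def parse_content(spec: str) -> bytes:
    """Convert a Snort content string (text mixed with |hex| runs) to bytes."""
    if spec.count("|") % 2:
        raise ValueError("unbalanced '|' in content string")
    out = bytearray()
    # Pipes toggle hex mode, so odd-numbered pieces of the split are hex.
    for i, part in enumerate(spec.split("|")):
        if i % 2:
            out += bytes.fromhex(re.sub(r"\s+", "", part))  # spaces are ignored
        else:
            out += part.encode("latin-1")  # literal text
    return bytes(out)


def matches(spec: str, payload: bytes) -> bool:
    """Case-sensitive substring match, like content without nocase."""
    return parse_content(spec) in payload


def telnet_negotiation(data: bytes) -> list:
    """Decode IAC <WILL|WONT|DO|DONT> <option> triples found in data."""
    found, i = [], 0
    while i + 2 < len(data):
        if data[i] == 0xFF and data[i + 1] in TELNET_CMD:
            found.append(f"{TELNET_CMD[data[i + 1]]} {data[i + 2]}")
            i += 3
        else:
            i += 1
    return found


if __name__ == "__main__":
    for name, spec in (("original", ORIGINAL), ("edited", EDITED)):
        print(name, "matches:", matches(spec, PAYLOAD),
              "negotiation:", telnet_negotiation(parse_content(spec)))
    print("observed negotiation:", telnet_negotiation(PAYLOAD))
```

The original content expects IAC DO for option 38 (0x26) and the literal text "[Yes]", while the captured response carries IAC DONT for option 38 and ends its bracketed text with "yes]", so only the edited content matches these bytes.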