[Snort-sigs] Snort missing SPARC Solaris snmpXdmi attempts

andrew.s.pendray at ...229...
Mon Dec 10 06:33:04 EST 2001


I'm running SNORT 1.8.3 release on RedHat 7.1, pretty much stock
configuration of SNORT.  I used the exploit found at
http://lsd-pl.net/code/SOLARIS/solsparc_snmpxdmid.c to overflow the
snmpXdmi daemon on my SPARC Solaris 8 box.  I verified with TCPDUMP that
the SNORT interface did "see" the entire exploit happen.  However, SNORT
did not raise any alarm.  Since there are three signatures for this
specific attack, I'm surprised by that.  Any idea what's going on?