[Snort-sigs] OpenSSH

kristofer-roy.g.reyes.1 reyes at ...751...
Tue Aug 13 12:51:04 EDT 2002


I am trying to write a signiture to detect the Integer/Boundary Condition
overflow attack on OpenSSH 3.3 and earlier. Essentially, all exploits will
send a packet containing an integer greater than or equal to some specific
value. Is there any way to detect something like this?

Thanks for the help,
Kris Reyes
reyes at ...751...

More information about the Snort-sigs mailing list