[Snort-sigs] CDE dtspcd exploit attempt first cut

Chris Green cmg at ...26...
Tue Jan 15 13:36:23 EST 2002


Chris Green <cmg at ...26...> writes:

> alert tcp $EXTERNAL_NET any -> $HOME_NET 6112 \
>      (msg: "CDE dtspcd exploit attempt"; \
>       reference: cve,CAN-2001-0803; \
>       reference: url,www.cert.org/advisories/CA-2002-01.html; \
>       flags: A+; \
>       content: "1"; offset: 10; depth: 1;
>       content: !"000"; offset: 13; depth: 3;)
>

After atleast byte counting with jh, its offset 11 for the second one
( I was braindead on that one )
-- 
Chris Green <cmg at ...26...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx




More information about the Snort-sigs mailing list