[Snort-sigs] Rule 314, named tsig exploit; wrong?

Jesus Couto jesus.couto at ...649...
Thu Jun 27 23:48:02 EDT 2002

Hi Chris...

Yes, here you have it, a packet capture of the exploit.... as you can 
see, the reason the packet doesn't match the rule is that /bin/sh isn't 
exactly right after the hex string in the content: section.

Good luck,

Jesús Couto F.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dns_exploit.log
Type: application/octet-stream
Size: 6125 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020627/d834b6d8/attachment.obj>
