[Snort-sigs] first cut at morgan/login-ex.c signature

Chris Green cmg at ...435...
Tue Mar 19 19:03:02 EST 2002


Since this was on bugtraq, theres going to be a lot of hits for it.
I've not seen a sucessful exploit from it so if someone does happen to
see one, I'd love to see the response.

alert tcp any any -> $HOME_NET 23 \
(content:"|A0 23 A0 10 AE 23 80 10 EE 23 BF EC 82 05 E0 D6 90 25 E0|";
 flags: A+; msg: "Solaris Memory mismanagement telnet exploit --
morgan"; )


If any of you want to see what the resposne is and are using binary
logs,


alert tcp any any -> $HOME_NET 23 \
(content:"|A0 23 A0 10 AE 23 80 10 EE 23 BF EC 82 05 E0 D6 90 25 E0|";
 flags: A+; msg: "Solaris Memory mismanagement telnet exploit --
morgan"; tag: host, 300, seconds;)

If you capture a sucessful exploit, please send me the output and
we'll try to do an attack-responses.rules
--
Chris Green <cmg at ...435...>
Fame may be fleeting but obscurity is forever.





More information about the Snort-sigs mailing list