[Snort-sigs] packet capture for sid 1282

Shane Williams shanew at ...94...
Thu Mar 21 11:14:40 EST 2002


Here's a capture for the RPC statdx EXPLOIT (sid 1282).  Note that
there is a nearly identical sig (600) which alerts on TCP rather than
UDP.  Does anyone ever see this exploit across TCP?  If so, then maybe
they should be renamed so it's clear at a glance which protocol the
traffic came over.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |                               
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew at ...94...
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sid-1282.tcpdump
Type: application/octet-stream
Size: 1158 bytes
Desc: 
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020321/5d01dcb5/attachment.obj>

