[Snort-sigs] snort-rules STABLE update @ Mon Apr 7 13:41:13 2003

Jacob Hurley jacobh at ...1425...
Tue Apr 8 00:57:04 EDT 2003

Is the stable ruleset now designed for Snort 2.0? This rule includes the byte_test keyword:

Warning: rules/netbios.rules(24) => Unknown keyword 'byte_test' in rule!

Jacob Hurley
Network Operations Center
Alexander Open Systems

-----Original Message-----
From: bmc at ...95... [mailto:bmc at ...95...] 
Sent: Monday, April 07, 2003 12:53 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] snort-rules STABLE update @ Mon Apr 7 13:41:13 2003

This rule update was brought to you by Oinkmaster.
Written by Andreas Östling <andreaso at ...58...>

[*] Rule modifications: [*]

  [+++]           Added:           [+++]

     file -> netbios.rules
     alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00 14|"; offset:60; depth:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:2;)

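An added illustration, not part of the original thread and not Snort's own code: a Python sketch of how the payload options of sid:2103 are evaluated in order, including the `byte_test` that an engine without that keyword cannot parse. The function names and sample payloads are constructed for this example; it assumes `relative` means "counted from the end of the previous content match", and the header checks (port, flow) are not modelled.

```python
def content_at(payload: bytes, pattern: bytes, offset: int, depth: int):
    """content with offset/depth: search only payload[offset:offset+depth].
    Returns the index just past the match (the cursor that later
    'relative' options start from), or None when there is no match."""
    idx = payload[offset:offset + depth].find(pattern)
    return None if idx < 0 else offset + idx + len(pattern)


def byte_test_gt(payload: bytes, nbytes: int, value: int, offset: int,
                 cursor: int, endian: str = "big") -> bool:
    """byte_test:<nbytes>,>,<value>,<offset>,relative[,little]."""
    start = cursor + offset
    field = payload[start:start + nbytes]
    if len(field) != nbytes:          # not enough data: the test cannot pass
        return False
    return int.from_bytes(field, endian) > value


def sid_2103_matches(payload: bytes) -> bool:
    """Evaluate the detection options of sid:2103 in rule order."""
    if content_at(payload, b"\x00", 0, 1) is None:
        return False
    if content_at(payload, b"\xffSMB\x32", 4, 5) is None:
        return False
    cursor = content_at(payload, b"\x00\x14", 60, 2)
    if cursor is None:
        return False
    # byte_test:2,>,1024,0,relative,little reads payload[62:64]
    return byte_test_gt(payload, 2, 1024, 0, cursor, "little")


def sample(length_field: bytes, total: int = 64) -> bytes:
    """Constructed payload: only the bytes the rule inspects are set
    (byte 0 is already 0x00 in a fresh bytearray)."""
    buf = bytearray(64)
    buf[4:9] = b"\xffSMB\x32"
    buf[60:62] = b"\x00\x14"
    buf[62:64] = length_field
    return bytes(buf[:total])


if __name__ == "__main__":
    # 0x0401 = 1025, 0x0400 = 1024, 0x0104 = 260 when read little-endian
    for field in (b"\x01\x04", b"\x00\x04", b"\x04\x01"):
        print(field.hex(), sid_2103_matches(sample(field)))
```

The third sample would read as 1025 if the `little` modifier were dropped, which is why the byte order in the rule matters as much as the threshold.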