[Snort-sigs] snort-rules CURRENT update @ Wed Apr 16 20:16:11 2003

bmc at ...95... bmc at ...95...
Wed Apr 16 17:17:03 EDT 2003


This rule update was brought to you by Oinkmaster.
Written by Andreas Östling <andreaso at ...58...>


[*] Rule modifications: [*]

  [///]       Modified active:     [///]

     file -> netbios.rules
     old: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00|"; distance:1; within:1; content:"|00 00 00 00 00 00 00 00 00 00 00 00|"; distance:5; within:12; content:"|00 14|"; distance:32; within:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:1;)
     new: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB trans2open buffer overflow attempt"; flow:to_server,established; content:"|00|"; offset:0; depth:1; content:"|ff 53 4d 42 32|"; offset:4; depth:5; content:"|00 14|"; offset:60; depth:2; byte_test:2,>,1024,0,relative,little; reference:cve,CAN-2003-0201; reference:url,www.digitaldefense.net/labs/advisories/DDI-1013.txt; classtype:attempted-admin; sid:2103; rev:2;)





More information about the Snort-sigs mailing list