[Snort-sigs] proposed change to rule

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Mon Jan 27 12:38:30 EST 2003


Unfortunately, if someone creates a valid connection on this port and
begins transferring data... every packet seems to be logged.  Adding syn
may help.

alert tcp $EXTERNAL_NET any -> $HOME_NET 705 (msg:"SNMP AgentX/tcp request"; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; classtype:attempted-recon; sid:1421; rev:2;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 705 (msg:"SNMP AgentX/tcp request"; flags:S; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; classtype:attempted-recon; sid:1421; rev:3;)
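
The effect of the proposed change, as an added example that is not part of the original post: a small Python model of the two revisions of sid 1421, run over a constructed TCP session to port 705. The addresses, the reading of $EXTERNAL_NET as "not $HOME_NET" and the session itself are assumptions; the last case goes beyond the post to show that an exact flags:S test does not match a SYN that also carries the two reserved (ECN) bits, which Snort's mask form flags:S,12 ignores.

```python
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.0.2.0/24")  # assumed value for $HOME_NET
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"  # constructed hosts

def parse_flags(opt):
    """Split a flags value such as 'S' or 'S,12' into (wanted, ignored)."""
    wanted, _, ignored = opt.partition(",")
    return frozenset(wanted), frozenset(ignored)

def rule_matches(pkt, flags_opt=None):
    """Model of sid 1421: external -> $HOME_NET port 705, optional flags test."""
    src, dst, dport, flags = pkt
    # Assumption: $EXTERNAL_NET is configured as !$HOME_NET.
    if ip_address(src) in HOME_NET or ip_address(dst) not in HOME_NET:
        return False
    if dport != 705:
        return False
    if flags_opt is None:  # rev:2 carries no flags option
        return True
    wanted, ignored = parse_flags(flags_opt)
    # Without a modifier, flags is an exact match on the unmasked bits.
    return frozenset(flags) - ignored == wanted

def count_alerts(packets, flags_opt=None):
    """Number of packets in the list that would raise the alert."""
    return sum(rule_matches(p, flags_opt) for p in packets)

# Constructed session: handshake, five data segments each way, teardown.
SESSION = (
    [(CLIENT, SERVER, 705, "S"), (SERVER, CLIENT, 40000, "SA"),
     (CLIENT, SERVER, 705, "A")]
    + [(CLIENT, SERVER, 705, "PA"), (SERVER, CLIENT, 40000, "A")] * 5
    + [(CLIENT, SERVER, 705, "FA"), (SERVER, CLIENT, 40000, "FA"),
       (CLIENT, SERVER, 705, "A")]
)
# Constructed SYN from an ECN-capable client: reserved bits 1 and 2 set.
ECN_SYN = (CLIENT, SERVER, 705, "S12")

if __name__ == "__main__":
    print("rev:2 (no flags):   ", count_alerts(SESSION))
    print("rev:3 (flags:S):    ", count_alerts(SESSION, "S"))
    print("ECN SYN, flags:S:   ", count_alerts([ECN_SYN], "S"))
    print("ECN SYN, flags:S,12:", count_alerts([ECN_SYN], "S,12"))
```

With rev:3 the alert fires once per connection attempt rather than once per client packet, so it records who tried to reach the AgentX port but no longer reflects how much data followed.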




