[Snort-sigs] Re: [Snort-users] Suggested Sig for Cisco DOS Vulnerability

Brian bmc at ...95...
Fri Jul 18 10:58:56 EDT 2003


FYI, we've released "official" sigs for the cisco DOS.  I've been
informed that Sourceforge's anoncvs server is 24 hours behind the
cvs server we (the developers) commit to.

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 53 (SWIPE)"; ip_proto:53; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2186; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 55 (IP Mobility)"; ip_proto:55; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2187; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 77 (Sun ND)"; ip_proto:77; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2188; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 103 (PIM)"; ip_proto:103; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2189; rev:1;)

-brian




More information about the Snort-sigs mailing list