[Snort-sigs] Question on SID 285
alexander.s at ...1565...
Tue Jun 10 12:13:03 EDT 2003
I intended to say that "." represents the non-printable characters in ".BIN.SH". That's a rather convoluted way to put things however and I should have simply indicated that the "/" was replaced with a non-printable character as this makes more sense.
>The last bytes of this shellcode correspond to the ascii ".BIN.SH" which
>would also not work. The first bytes "eb2c 5b89 d980 c106 39d9 7c07
>8001" correspond to some of the executable code and would however be
>detected by SID 284.
More information about the Snort-sigs