[Snort-sigs] SID 291

Steven Alexander alexander.s at ...1565...
Fri Jun 20 08:57:24 EDT 2003


Both of the references indicated for this rule list the vulnerablity as
a denial of service and not an attempt to gain access as is reflected in
the classtype.  If the references are correct, the rule may need to be
reclassified.

alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"NNTP Cassandra
Overflow"; flow:to_server,established; content: "AUTHINFO USER"; nocase;
dsize: >512; depth:16; reference:cve,CAN-2000-0341;
reference:arachnids,274; classtype:attempted-user; sid:291; rev:6;) 

-steven




More information about the Snort-sigs mailing list