[Snort-sigs] Newbie question on traffic

William_Metcalf@...1445... count_zero_rod at ...12...
Thu Nov 20 06:47:06 EST 2003

Is there any easy way to convert shellcode from an exploit to a sig for Snort? I just want to make sure that I'm correct in assuming that something like


should look like this in a packet dump

eb 19 5e 31 c9 81 e9 a6 ff ff ff 81 36 99 99 99 

Is this correct???????

