[Snort-sigs] Newbie question on traffic

William_Metcalf@...1445... count_zero_rod at ...12...
Thu Nov 20 06:47:06 EST 2003


Is there any easy way to convert shellcode from an exploit to a sig for snort.  I just want to make sure that I'm correct in assuming that something like 

\xeb\x19\x5e\x31\xc9\x81\xe9\xa6\xff\xff\xff\x81\x36\x99\x99\x99 

should look like this in a packet dump

eb 19 5e 31 c9 81 e9 a6 ff ff ff 81 36 99 99 99 

Is this correct???????

Regards,

Will
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20031120/0ae366f8/attachment.html>


More information about the Snort-sigs mailing list