[Snort-sigs] Error in http://www.snort.org/snort-db/sid.html?sid=618 and 620
kbjo at ...1893...
Tue Sep 23 01:23:06 EDT 2003
I am new to this list - hope I do this correctly.
There is an error in the Snort rule doc-pages for SID 618 and 620 -
probably forgotten because of its triviality:
"An attacker can determine if ports 21 and 20 are being used for FTP.
Then the attacker might find out that the FTP service is vulnerable to a
particular attack and is then able to compromise the host."
This is obviously wrong since the rules catch Squid proxy attempts on
port 8080 and 3128.
I am not sure about the right formulation - what about - for SID 618:
An attacker can determine if port 3128 is used by a Squid Proxy
Links from Squid Proxies in $EXTERNAL_NET
For SID 620:
An attacker can determine if port 8080 is used by a Squid Proxy
Traffic to ordinary web servers using port 8080
--Knut Bjornstad -- ErgoIntegration AS ---Oslo, Norway-------
--kbjo at ...1893... -- t:47 23 14 53 36 -- mob: 901 15 917 --