[Snort-sigs] SHELLCODE x86 inc ebx NOOP : Risk of false positives

Jean-Michel Barbet Jean-Michel.Barbet at ...2427...
Tue Apr 27 07:50:05 EDT 2004


# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
#
# $Id$
#
#

Rule: SHELLCODE x86 inc ebx NOOP

--
Sid: 1390

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives: In the physics research community where Fortran is still
largely used, some comments in the code can be in the form of a string
of 'C's like the following example:
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
C...STOP EIGENVALUES CALCULATION
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC


--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:

-- 



------------------------------------------------------------------------
Jean-michel BARBET                    | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France    | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet at ...2427...
------------------------------------------------------------------------
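
The false positive reported above, as an added example that is not part of the original post: byte 0x43 is both ASCII 'C' and the 32-bit x86 `inc ebx` opcode, so a Fortran comment banner is byte-identical to a sled of that opcode. The 24-byte run length, the function names, the 0.95 threshold and both sample payloads are assumptions constructed for illustration.

```python
import re

INC_EBX = 0x43   # 32-bit x86 "inc ebx"; the same byte is ASCII 'C'
RUN_LEN = 24     # assumed run length; set it to the content length of the deployed rule


def find_runs(payload: bytes, min_len: int = RUN_LEN):
    """Return (offset, length) for each maximal run of 0x43 of at least min_len bytes."""
    pattern = rb"C{%d,}" % min_len
    return [(m.start(), len(m.group())) for m in re.finditer(pattern, payload)]


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, LF or CR."""
    if not payload:
        return 0.0
    ok = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(payload)


def is_banner_line(payload: bytes, offset: int, length: int) -> bool:
    """True when the run is a whole line on its own. In fixed-form Fortran a 'C'
    in column 1 marks a comment, so a banner is a line made only of 'C'."""
    end = offset + length
    starts_line = offset == 0 or payload[offset - 1:offset] == b"\n"
    tail = payload[end:end + 2]
    ends_line = end == len(payload) or tail[:1] == b"\n" or tail == b"\r\n"
    return starts_line and ends_line


def triage(payload: bytes) -> str:
    """Triage hint for an alert on a 0x43 run; a hint for the analyst, not a verdict."""
    runs = find_runs(payload)
    if not runs:
        return "no-match"
    if printable_ratio(payload) >= 0.95 and all(is_banner_line(payload, o, n) for o, n in runs):
        return "likely-false-positive"
    return "review"


# Constructed sample: the Fortran comment banner quoted in the post above.
FORTRAN_SAMPLE = b"C" * 40 + b"\nC...STOP EIGENVALUES CALCULATION\n" + b"C" * 40 + b"\n"
# Constructed sample: the same byte run surrounded by arbitrary non-text bytes.
BINARY_SAMPLE = b"\x00\x01\xfe\xff" + b"C" * 32 + b"\x00\x01\xfe\xff"

if __name__ == "__main__":
    for name, data in (("fortran", FORTRAN_SAMPLE), ("binary", BINARY_SAMPLE)):
        print(name, find_runs(data), triage(data))
```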



