[Snort-sigs] Avoidance of 2597.2 (WEB-MISC Samba SWAT Authorization overflow attempt)
bmc at ...95...
Wed Aug 4 14:24:11 EDT 2004
On Wed, Aug 04, 2004 at 02:38:00PM -0600, nnposter at ...592... wrote:
> Current version of the rule incorrectly assumes specific spacing.
> As a result, an attacker can easily get around the signature.
Go read the source to SWAT. It requires explicit spacing.
rev 1 had more better evasion foo, but this is specific to SWAT.
More information about the Snort-sigs