[Snort-sigs] sid 2518 typo?

Aaron W. DeLashmutt awd at ...2442...
Mon Aug 23 09:18:48 EDT 2004


Found in pop3.rules from snortrules-snapshot-2_2:
alert tcp $EXTERNAL_NET any -> $HOME_NET 995 (msg:"PO3 PCT Client_Hello overflow
attempt"; flow:to_server,established; content:"|01|"; depth:1; offset:2;
byte_test:2,>,0,6; byte_test:2,!,0,8; byte_test:2,!,16,8; byte_test:2,>,20,10;
content:"|8F|"; depth:1; offset:11; byte_test:2,>,32768,0,relative;
reference:bugtraq,10116; reference:cve,2003-0719;
reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx;
classtype:attempted-admin; sid:2518; rev:10;)

I assume this is a typo, and the msg should be 'POP3 PCT Client_Hello overflow
attempt'?
Nitpicky, I know....

---
[A]aron [W]. [D]eLashmutt <awd at ...2442...>





More information about the Snort-sigs mailing list