[Snort-sigs] sid 2518 typo?

Brian bmc at ...95...
Mon Aug 23 11:23:15 EDT 2004


On Wed, Aug 18, 2004 at 04:22:58PM -0400, Aaron W. DeLashmutt wrote:
> Found in pop3.rules from snortrules-snapshot-2_2:
> alert tcp $EXTERNAL_NET any -> $HOME_NET 995 (msg:"PO3 PCT Client_Hello overflow
> attempt"; flow:to_server,established; content:"|01|"; depth:1; offset:2;
> byte_test:2,>,0,6; byte_test:2,!,0,8; byte_test:2,!,16,8; byte_test:2,>,20,10;
> content:"|8F|"; depth:1; offset:11; byte_test:2,>,32768,0,relative;
> reference:bugtraq,10116; reference:cve,2003-0719;
> reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx;
> classtype:attempted-admin; sid:2518; rev:10;)
> 
> I assume this is a typo, and the msg should be 'POP3 PCT Client_Hello overflow
> attempt'?
> Nitpicky, I know....

yes, it should.  I'll fix it shortly.

-b




More information about the Snort-sigs mailing list