[Snort-sigs] False +ves for SID 2657 :EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt

Russell Fulton r.fulton at ...575...
Tue Dec 14 14:06:01 EST 2004


Hi, I am seeing about 2500 of these a day between two 'trusted' systems:

META
--------
SID	CID	TimeStamp		Signature
7	203852	2004-12-14 11:03:32	EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt
Sig ID
2657

IP
--------
Source Address	Dest Address	Ver	Hdr Len
130.216.120.4	130.216.74.4	4	5
TOS	length	ID	flags	offset	TTL	chksum
0	313	18880	2	0	64	10310

Resolved Source
ctru.auckland.ac.nz

Resolved Dest
www.ctru.auckland.ac.nz 

TCP
--------
Source Port	Dest Port	Seq		Ack		
3828		443		295974195	4027509575
Offset	Reserved	Flags	Window	Checksum	Urgent Ptr
8	0		24	31856	50184		0

Options
--------
None


Flags
--------
RB 1	RB 0	URG	ACK	PSH	RST	SYN	FIN
			X	X				

DATA
--------
1703010100F91C09F180	..........
D57D76CD8D2B569CA8E3	.}v..+V...
FDC5D0C1358B6DE3BADA	....5.m...
A458EA9F3F8E9B674525	.X..?..gE%
B49262F5059798D49EC1	..b.......
61C50BC5723BEEAE90C0	a...r;....
31277D130476E72314BB	1'}..v.#..
BE0A67F12EBDFB4CBC98	..g....L..
78312C8797AE994C3405	x1,....L4.
E726B3193FAF9F936E26	.&..?...n&
55D3803BB6E8C13CE856	U..;...<.V
B553976337342C6B4C02	.S.c74,kL.
9663D2035F55B4BB0747	.c.._U...G
0C0A7402648BE7546006	..t.d..T`.
EA3029160340075CF9B1	.0)..@.\..
436653BC7C5B2F572345	CfS.|[/W#E
15AD18E556722931FEA3	....Vr)1..
0F5765FC4CFCABE750B6	.We.L...P.
68A38293064449EF7446	h....DI.tF
3F89B5998983E2B14465	?.......De
A45674BB55A527AF385E	.Vt.U.'.8^
47D92E0ECF94DA07D7E0	G.........
5EC100549B4B586AEE36	^..T.KXj.6
E354B07307593902D429	.T.s.Y9..)
3151F50D3227B08CD179	1Q..2'...y
B978C14A73789EE79355	.x.Jsx...U
6D	m
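
Added example, not part of the original post: a triage sketch that reads the first bytes of the payload above both as an SSLv3/TLS record header and at the positions an SSLv2 Client Hello with a 3-byte (padded) header would use. `positional_v2_hello` is a simplified stand-in for such a positional check, not the text of rule 2657; all function names and the second sample are constructed for illustration.

```python
import struct

# First 12 payload bytes from the DATA dump in the alert above.
ALERT_HEAD = bytes.fromhex("1703010100F91C09F180D57D")
# Constructed sample: SSLv2 3-byte-header Client Hello declaring a 256-byte challenge.
CONSTRUCTED_V2 = bytes.fromhex("002E00010002000300000100")

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def parse_tls_record(data):
    """Return (type, (major, minor), length) if data opens with an SSLv3/TLS record header."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in TLS_TYPES or major != 3:
        return None
    return TLS_TYPES[ctype], (major, minor), length


def positional_v2_hello(data, max_challenge=32):
    """Simplified positional check; an assumption, not the text of SID 2657.

    SSLv2 3-byte header: high bit of byte 0 clear, byte 2 is the padding length.
    Client Hello: type 0x01, version, cipher_spec_len, session_id_len, challenge_len.
    """
    if len(data) < 12 or data[0] & 0x80 or data[3] != 0x01:
        return None
    version, _ciphers, _sid, challenge = struct.unpack("!HHHH", data[4:12])
    return {"version": version, "challenge_len": challenge,
            "oversized": challenge > max_challenge}


def triage(data, tcp_payload_len):
    """Prefer the TLS reading when one record fills the segment exactly (a narrow heuristic)."""
    rec = parse_tls_record(data)
    if rec and 5 + rec[2] == tcp_payload_len:
        return "tls_" + rec[0]
    hit = positional_v2_hello(data)
    if hit and hit["oversized"]:
        return "possible_sslv2_challenge_overflow"
    return "no_match"


if __name__ == "__main__":
    # IP length 313, IP header 5*4 and TCP offset 8*4 are taken from the alert.
    print(triage(ALERT_HEAD, 313 - 5 * 4 - 8 * 4))
    print(positional_v2_hello(ALERT_HEAD))
    print(triage(CONSTRUCTED_V2, 49))
```

Any TLS 1.0 record whose length is between 256 and 511 bytes has 0x01 as its fourth byte, so encrypted application data sent mid-session can satisfy a check that looks only at those positions.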




