richard.bennett at ...1841...
Wed Feb 11 09:19:37 EST 2004
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to other's work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
False positives using Sherlock under Mac OS X 10.3
Using Sherlock under Mac OS X 10.3 gives this message:
[Classification: Attempted User Privilege Gain] [Priority: 1]
02/10-20:09:39.336518 188.8.131.52:80 -> 192.168.123.xxx:62323
TCP TTL:112 TOS:0x80 ID:8065 IpLen:20 DgmLen:1269 DF
***A**** Seq: 0xC38A0590 Ack: 0xA44D71C4 Win: 0xFDF0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 27881030 2326570985
[Xref => http://www.securityfocus.com/bid/5293]
Mac OS X 10.3 running Sherlock
Ease of Attack:
I don't know.
More information about the Snort-sigs