[Snort-sigs] Unknown IIS Issue
frank at ...1978...
Wed Jul 28 11:41:18 EDT 2004
On Wed, 2004-07-28 at 13:25, Matthew Jonkman wrote:
> I am certain they were real. I've grabbed the exploit code and run it
> myself and got the same string in the same place in the stream. That's
> good enough for me to be sure.
So, are you saying the other rule is broken, possibly because it is
using an offset which doesn't match the real exploit(s)? In other words,
would it be better to match the string without an offset?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-sigs