[Snort-sigs] Unknown IIS Issue

Frank Knobbe frank at ...1978...
Wed Jul 28 11:41:18 EDT 2004


On Wed, 2004-07-28 at 13:25, Matthew Jonkman wrote:
> I am certain they were real. I've grabbed the exploit code and run it 
> myself and got the same string in the same place in the stream. That's 
> good enough for me to be sure.

So, are you saying the other rule is broken, possibly because it is
using an offset which doesn't match the real exploit(s)? In other words,
would it be better to match the string without an offset?

Later,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040728/3601ffeb/attachment.sig>


More information about the Snort-sigs mailing list