[Snort-sigs] Authorization overflow ?

Frank Knobbe frank at ...1978...
Mon Aug 8 08:52:47 EDT 2005


On Mon, 2005-08-08 at 12:37 +0200, rmkml wrote:
> 17:38:18.047054 83.81.37.203.1574 > x.x.x.x.80: . [tcp sum ok] 
> 4038566652:4038568112(1460) ack 3750935641 win 64240 (DF) (ttl 117, id 
> 53120, len 1500)
> GET / HTTP/1.0\r\nHost: x.x.x.x\r\nAuthorization: 
> Negotiate 
> YIIQegYGKwYBBQUCoIIQbjCCEGqhghBmI4IQYgOCBAEAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
> QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ
> UFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU

That's covered by SID 2001985 in the BleedingSnort rules.

And yes, it's a rather noisy one. We see TONS of these daily. It can be
considered background noise on par with crap like SQL Slammer.

Regards,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050808/c26532c7/attachment.sig>


More information about the Snort-sigs mailing list