[Snort-sigs] new rule for detect ntpd fingerprint

rmkml rmkml at ...324...
Sun Dec 4 03:00:03 EST 2005


Hi,

Please check and maybe add this new rule:

misc.rules:alert udp $EXTERNAL_NET 1023: -> $HOME_NET 123 (msg:"MISC Ntp fingerprint detect"; dsize:48; content:"|BE 78 2F 1D 19 BA 00 00|"; classtype:attempted-dos; )

http://www.arhont.com/digitalAssets/211_ntp-fingerprint.tar.gz

Improvements/comments are welcome.

Regards
Rmkml



