[Snort-sigs] Update to snort rules (SNMP AgentX/tcp request)

Bill Bernabe billbernabe at ...2420...
Wed Feb 9 06:27:01 EST 2005


# I have added a false positive to this rule
# (see below)

Rule:	alert tcp $EXTERNAL_NET any -> $HOME_NET 705 (msg:"SNMP
AgentX/tcp request"; flow:stateless; reference:bugtraq,4088;
reference:bugtraq,4089; reference:bugtraq,4132;
reference:cve,2002-0012; reference:cve,2002-0013;
classtype:attempted-recon; sid:1421; rev:11;)

--
Sid:	1:1421

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:	Running an Nmap TCP SYN stealth port scan against
port 705 will trigger this event in snort.

--
False Negatives:

--
Corrective Action:

--
Contributors: N/A (Bill Bernabe)

-- 
Additional References:




More information about the Snort-sigs mailing list