[Snort-sigs] add established on sid 2048 ?

rmkml rmkml at ...324...
Fri Jul 29 08:26:15 EDT 2005


Hi,

On sid 2048:
misc.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 873 (msg:"MISC rsyncd overflow attempt"; flow:to_server; byte_test:2,>,4000,0; content:"|00 00|"; depth:2; offset:2; reference:bugtraq,9153; reference:cve,2003-0962; reference:nessus,11943; classtype:misc-activity; sid:2048; rev:6;)

Is the established word missing?

Regards
Rmkml
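
An added example, not part of the original post: one way to check a rules file for the pattern the question raises, TCP rules whose flow option gives a direction but no connection state (established, not_established or stateless). The second rule, its sid 1000001 and the function names are constructed for illustration.

```python
import re

# Constructed sample input: the rule from the post (rejoined onto one line)
# and a hypothetical variant with "established" added for comparison.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 873 (msg:"MISC rsyncd overflow attempt"; flow:to_server; byte_test:2,>,4000,0; content:"|00 00|"; depth:2; offset:2; reference:bugtraq,9153; reference:cve,2003-0962; reference:nessus,11943; classtype:misc-activity; sid:2048; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 873 (msg:"constructed variant; with established"; flow:to_server,established; content:"|00 00|"; depth:2; offset:2; sid:1000001; rev:1;)
'''

# Captures the protocol and the option body between the outer parentheses.
HEADER = re.compile(r'^\s*\w+\s+(\w+)\s.*?\((.*)\)\s*$')
STATE = {"established", "not_established", "stateless"}

def split_options(body):
    """Split a rule body on ';', ignoring ';' inside quotes or after a backslash."""
    opts, cur, quoted, esc = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not esc:
            opts.append(cur.strip())
            cur = ""
            continue
        cur += ch
        if esc:
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == '"':
            quoted = not quoted
    return [o for o in opts + [cur.strip()] if o]

def missing_state(text):
    """Return sids of TCP rules whose flow option names no connection state."""
    flagged = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m or m.group(1) != "tcp":
            continue
        parts = (o.partition(":") for o in split_options(m.group(2)))
        opts = [(k.strip(), v.strip()) for k, _, v in parts]
        sid = next((v for k, v in opts if k == "sid"), "?")
        flows = [{x.strip() for x in v.split(",")} for k, v in opts if k == "flow"]
        # Rules with no flow option at all are out of scope for this check.
        if flows and not any(f & STATE for f in flows):
            flagged.append(sid)
    return flagged

if __name__ == "__main__":
    print(missing_state(RULES))
```
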



