[Snort-sigs] remove bid 0866 on sid 1911 ? (snort233b14)

rmkml rmkml at ...324...
Mon Jun 13 13:21:04 EDT 2005


Hi,

sid 1911 is :
rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind 
UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"; content:"|00 01 
87 88|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; 
distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; 
byte_jump:4,124,relative,align; byte_jump:4,20,relative,align; 
byte_test:4,>,512,4,relative; content:"|00 00 00 00|"; depth:4; offset:4; 
reference:bugtraq,0866; reference:bugtraq,866; reference:cve,1999-0977; 
classtype:attempted-admin; sid:1911; rev:10;)

remove bid 0866 because already bid 866 on sid 1911 ?

regards
Rmkml





More information about the Snort-sigs mailing list