[Snort-sigs] new rule for detect tftp32 get format string

rmkml rmkml at ...324...
Fri Jan 20 12:21:06 EST 2006


Hi,

Please check and maybe add this new rule:

tftp.rules:alert udp $EXTERNAL_NET any -> $HOME_NET 69 (msg:"TFTP32 Get Format string attempt"; content:"|00 01|"; depth:2; content:"|2E|"; offset:2; nocase; classtype:attempted-admin; )

Ref is:
http://www.securityfocus.com/archive/1/422405/30/0/threaded

Improvements/comments are welcome.

This rule is offered by Crusoe Researches (Team)
http://www.crusoe-researches.com

Regards
Rmkml
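
An added example, not part of the original post and not Snort code: a small Python harness that emulates the rule's two content matches over constructed TFTP packets, to show what the rule fires on before it is deployed. The `stricter_check` helper and its printf-conversion pattern are assumptions made for comparison, not taken from the referenced advisory.

```python
import re

RRQ = b"\x00\x01"  # TFTP read request opcode (RFC 1350)

def rule_as_posted(payload: bytes) -> bool:
    """Emulate the two content matches of the posted rule."""
    # content:"|00 01|"; depth:2;  -> opcode must be the first two bytes
    # content:"|2E|"; offset:2;    -> a '.' byte anywhere from offset 2 on
    # (nocase has no effect on a non-alphabetic byte)
    return payload[:2] == RRQ and b"\x2e" in payload[2:]

def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed RRQ, else None."""
    if payload[:2] != RRQ:
        return None
    # RRQ layout: opcode | filename | 0x00 | mode | 0x00 [options...]
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    return parts[0], parts[1].lower()

# Assumption: a format string attempt carries a printf-style conversion
# specification in the filename field.
CONVERSION = re.compile(rb"%[-+ #0]*\d*(?:\.\d+)?[hlLqjzt]*[diouxXeEfgGcspn]")

def stricter_check(payload: bytes) -> bool:
    """Hypothetical comparison check: conversion spec inside the RRQ filename."""
    rrq = parse_rrq(payload)
    return rrq is not None and CONVERSION.search(rrq[0]) is not None

def build_rrq(filename: bytes, mode: bytes = b"octet") -> bytes:
    return RRQ + filename + b"\x00" + mode + b"\x00"

# Constructed sample payloads (UDP payload only, no captured traffic).
SAMPLES = {
    "benign_dot": build_rrq(b"pxelinux.0"),
    "benign_nodot": build_rrq(b"bootfile"),
    "format_in_name": build_rrq(b"%s%s.txt"),
    "wrq_dot": b"\x00\x02" + b"image.bin\x00octet\x00",
}

def evaluate():
    """Map sample name -> (rule_as_posted, stricter_check)."""
    return {n: (rule_as_posted(p), stricter_check(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (posted, strict) in evaluate().items():
        print(f"{name:15} posted_rule={posted!s:5} stricter={strict}")
```

Because `|2E|` is the ASCII period, the posted rule alerts on any read request whose filename has an extension, so expect alerts on routine PXE and firmware fetches.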



