[Snort-sigs] new rule for detect snmp trap format string

rmkml rmkml at ...324...
Mon Jan 30 02:12:02 EST 2006


Hi,

please check and maybe add this new rule :

snmp.rules:alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"SNMP trap 
Format String detected"; content:"%s"; reference:bugtraq,16267; 
reference:cve,2006-0250; reference:osvdb,22493; classtype:attempted-recon; )

Improve/comments are welcome.

This rule is offered by Crusoe Researches (Team)
http://www.crusoe-researches.com

Regards
Rmkml




More information about the Snort-sigs mailing list