[Snort-sigs] Sid 1893 FP
jhart at ...288...
Wed Jul 5 16:50:54 EDT 2006
On Fri, Jun 16, 2006 at 10:41:45AM -0700, Blake Hartstein wrote:
> The rule is looking for |04 00| offset 5, and depth 15. Thus, it starts
> looking at that offset, then stops looking once it reaches depth 15.
> It just so happens that the Request Id: 0x715e0400 is causing this rule
> to alert, even though a valid community string has been specified.
Sorry for never responding. This has popped up again.
I agree with what you said. Wouldn't this actually be a bug with this
rule, since the community in SNMP v1 and v2 starts at offset 5? I don't
see the need to walk 15 in, unless there is something about SNMP I am
missing (which is entirely possible).
More information about the Snort-sigs