[Snort-sigs] SNMP Missing Community String Signature FP

Eric Hines eric.hines at ...1663...
Mon Jul 10 19:19:24 EDT 2006


Yep, nice call. I forgot about the UDP header, I was counting the 
protocol header when starting my offset counting.

Thanks everyone.

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC


Jon Hart wrote:
> On Mon, Jul 10, 2006 at 06:11:14PM -0500, Eric Hines wrote:
>>>>> ---- example packet -----
>>>>>
>>>>> 0fdd 00a1 0033 d483 3029 0201 0004 0670         .......3..0).....p
>>>>> 7562 6c69 63a0 1c02 0400 a063 f602 0100 0201    ublic......c......
>>>>> 0030 0e30 0c06 082b 0601 0201 0103 0005 00      .0.0...+.........
> 
> This could be either a Snort bug, or a mistype/mispaste/misunderstanding
> on your part.  '0fdd' == 4061 and '00a1' == 161, which are your source
> and destination ports, respectively.  The SNMP payload starts at bytes
> '3029'.  From there, the depth/offset stuff starts to make sense.  
> 
> 
> -jon
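
Added example, not code from either poster: this Python sketch splits the quoted datagram into its 8-byte UDP header and SNMP payload, then walks the BER structure to find the community string and reports its offset counted both ways. It also lists where the byte pair 04 00 (the BER encoding of an empty OCTET STRING) occurs in the payload; all function names are hypothetical.

```python
import struct

# Bytes transcribed from the example packet quoted above (UDP header + SNMP).
DUMP = bytes.fromhex(
    "0fdd00a10033d4833029020100040670"
    "75626c6963a01c020400a063f60201000201"
    "00300e300c06082b060102010103000500"
)
UDP_HEADER_LEN = 8  # source port, destination port, length, checksum


def split_udp(datagram):
    """Return (sport, dport, payload); rule offsets count from the payload."""
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if not UDP_HEADER_LEN <= length <= len(datagram):
        raise ValueError("UDP length field does not fit the captured bytes")
    return sport, dport, datagram[UDP_HEADER_LEN:length]


def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, pos, pos + length


def community_field(payload):
    """Return (payload offset of the community tag byte, community bytes)."""
    seq, pos, _ = read_tlv(payload, 0)         # outer SEQUENCE: step inside
    ver, _, pos = read_tlv(payload, pos)       # version INTEGER: step over
    com, start, end = read_tlv(payload, pos)   # community OCTET STRING
    if (seq, ver, com) != (0x30, 0x02, 0x04):
        raise ValueError("not SEQUENCE / INTEGER / OCTET STRING")
    return pos, payload[start:end]


def report(datagram=DUMP):
    """Community string, its offset counted both ways, and raw 04 00 hits."""
    sport, dport, payload = split_udp(datagram)
    off, community = community_field(payload)
    hits = [i for i in range(len(payload) - 1) if payload[i:i + 2] == b"\x04\x00"]
    return {"ports": (sport, dport), "community": community, "raw_04_00": hits,
            "payload_offset": off, "dump_offset": off + UDP_HEADER_LEN}
```

For the quoted packet, `report()` puts the community tag at payload offset 5 (13 when the UDP header is counted) and finds a single raw 04 00 pair at payload offset 16, inside the request-id INTEGER rather than the community field.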