[Snort-sigs] SNMP Missing Community String Signature FP

Jon Hart jhart at ...288...
Mon Jul 10 19:16:51 EDT 2006


On Mon, Jul 10, 2006 at 06:11:14PM -0500, Eric Hines wrote:
> >>>---- example packet -----
> >>>
> >>>0fdd 00a1 0033 d483 3029 0201 0004 0670         .......3..0).....p
> >>>7562 6c69 63a0 1c02 0400 a063 f602 0100 0201    ublic......c......
> >>>0030 0e30 0c06 082b 0601 0201 0103 0005 00      .0.0...+.........

This could be either a Snort bug, or a mistype/mispaste/misunderstanding
on your part.  '0fdd' == 4061 and '00a1' == 161, which are your source
and destination ports, respectively.  The SNMP payload starts at bytes
'3029'.  From there, the depth/offset stuff starts to make sense.  


-jon
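The split described in the reply above, worked through as an added example (not code from the original post or from Snort): it separates the 8-byte UDP header from the quoted bytes and walks the SNMP BER fields, reporting offsets counted from the start of the payload. The function names are hypothetical; the bytes are those of the quoted example packet.

```python
import struct

# Bytes of the example packet quoted above: 8-byte UDP header, then SNMP.
DATAGRAM = bytes.fromhex(
    "0fdd 00a1 0033 d483 3029 0201 0004 0670"
    "7562 6c69 63a0 1c02 0400 a063 f602 0100 0201"
    "0030 0e30 0c06 082b 0601 0201 0103 0005 00"
)

def split_udp(datagram):
    """Return (sport, dport, length, checksum, payload) of a raw UDP datagram."""
    if len(datagram) < 8:
        raise ValueError("shorter than a UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    return sport, dport, length, checksum, datagram[8:length]

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value_offset, value_length)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, length

def snmp_header(payload):
    """Walk SEQUENCE, version, community, PDU; offsets are payload-relative."""
    tag, pos, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("payload does not start with a SEQUENCE")
    vtag, voff, vlen = read_tlv(payload, pos)
    comm_tag_off = voff + vlen
    ctag, coff, clen = read_tlv(payload, comm_tag_off)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("expected INTEGER version then OCTET STRING community")
    pdu_off = coff + clen
    ptag, _, _ = read_tlv(payload, pdu_off)
    return {"version": int.from_bytes(payload[voff:voff + vlen], "big"),
            "community_tag_offset": comm_tag_off,
            "community": payload[coff:coff + clen],
            "pdu_offset": pdu_off, "pdu_tag": ptag}

if __name__ == "__main__":
    sport, dport, length, checksum, payload = split_udp(DATAGRAM)
    print(sport, dport, length, hex(checksum), snmp_header(payload))
```

Counting from the first byte of the dump instead of from '3029' shifts every position by the 8 bytes of UDP header.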



