[Snort-sigs] FPs for SMTP SSLv3 openssl get shared ciphers overflow attempt 8435

Matthew Watchinski mwatchinski at ...435...
Thu Aug 2 10:49:30 EDT 2007


Any way to get a full session pcap of this one?

Thanks
-matt

Russell Fulton wrote:
> I am also seeing quite a few of these:
> 
> META
> SID  CID      TimeStamp            Signature                                               Sig ID
> 6    6590548  2007-07-04 14:29:58  SMTP SSLv3 openssl get shared ciphers overflow attempt  8435 <http://www.snort.org/snort-db/sid.html?sid=8435>
> 
> Sensor Hostname                   Sensor Interface
> monitor-dmzo.isec.auckland.ac.nz  dmz sensor
> 
> IP
> Source Address  Dest Address    Ver  Hdr Len  TOS  length  ID     flags  offset  TTL  chksum
> 210.48.74.103   130.216.190.11  4    5        0    140     20075  2      0       116  23173
> 
> Resolved Source                Resolved Dest
> ip-210-48-74-103.iconz.net.nz  groucho.itss.auckland.ac.nz
> 
> TCP
> Source Port  Dest Port  Seq         Ack        Offset  Reserved  Flags  Window  Checksum  Urgent Ptr
> 3427         25         1047465774  205133145  5       0         24     65329   32366     0
> 
> Options
> None
> 
> Flags
> RB 1  RB 0  URG  ACK  PSH  RST  SYN  FIN
>                  X    X
> 
> DATA
> 
> 160300005F0100005B03  ...._...[.
> 00468B0627688323A11D  .F..'h.#..
> AC9301BE123C8ED1D859  .....<...Y
> 2D2A4059CEA85BFF2F53  -*@Y..[./S
> 73A54800003400390038  s.H..4.9.8
> 003500160013000A0033  .5.......3
> 0032002F006600050004  .2./.f....
> 00630062006100150012  .c.b.a....
> 00090065006400600014  ...e.d.`..
> 00110008000600030100  ..........
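
As an added example (not part of the original thread, and not Snort or Sourcefire code), this Python sketch decodes the DATA bytes from the quoted alert as an SSL record, which is the first thing to check when triaging the alert as a possible false positive. The function name `parse_client_hello` and the returned field names are hypothetical; the hex is copied from the alert above.

```python
import struct

# DATA bytes copied from the alert quoted above (100 bytes of TCP payload).
PAYLOAD = bytes.fromhex(
    "160300005F0100005B03" "00468B0627688323A11D" "AC9301BE123C8ED1D859"
    "2D2A4059CEA85BFF2F53" "73A54800003400390038" "003500160013000A0033"
    "0032002F006600050004" "00630062006100150012" "00090065006400600014"
    "00110008000600030100"
)

def parse_client_hello(data: bytes) -> dict:
    """Decode one SSL/TLS record holding a ClientHello; raise ValueError if malformed."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    rec_type, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if rec_type != 0x16 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if hs_type != 0x01 or len(hello) != hs_len:
        raise ValueError("not a complete ClientHello")
    pos = 0
    def take(n):
        # Bounds-checked read: every length field is validated before use.
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("length field runs past end of ClientHello")
        chunk = hello[pos:pos + n]
        pos += n
        return chunk
    client_ver = struct.unpack("!H", take(2))[0]
    random = take(32)
    session_id = take(take(1)[0])
    suites_raw = take(struct.unpack("!H", take(2))[0])
    if len(suites_raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = [int.from_bytes(suites_raw[i:i + 2], "big") for i in range(0, len(suites_raw), 2)]
    compression = list(take(take(1)[0]))
    return {"record_version": rec_ver, "client_version": client_ver,
            "gmt_unix_time": int.from_bytes(random[:4], "big"),
            "session_id_len": len(session_id), "cipher_suites": suites,
            "compression": compression, "trailing_bytes": len(hello) - pos}

if __name__ == "__main__":
    info = parse_client_hello(PAYLOAD)
    print(f"version=0x{info['client_version']:04x} suites={len(info['cipher_suites'])}")
    print(" ".join(f"{s:04x}" for s in info["cipher_suites"]))
```

The payload parses cleanly as a single SSLv3 ClientHello with an empty session ID, 26 cipher suites, null compression and no trailing bytes, with every length field consistent with the 100 bytes captured.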




