[Snort-sigs] [SPAM] FN on community very old sid 1253 rev 21?

rmkml rmkml at ...174...
Mon Apr 22 17:10:42 EDT 2013


Hi,

Can you please check the flow side on this very old rule that causes an FN? (This rule
is not enabled by default.)

  alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET bsd exploit client finishing"; flow:to_client,established; dsize:>200; content:"|FF F6 FF F6 FF FB 08 FF F6|"; depth:50; offset:200; rawbytes; metadata:ruleset community, service telnet; reference:bugtraq,3064; reference:cve,2001-0554; reference:nessus,10709; classtype:successful-admin; sid:1253; rev:21;)

Regards
Rmkml

http://twitter.com/rmkml
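
A lint for the kind of check requested above, as an added example that is not part of the original post or of Snort: it compares the traffic direction implied by a rule header with the direction named in its flow: option. The heuristic that the side with a fixed port is the server, the names check_rule, SID_1253 and SAMPLE_OK, and the second sample rule are assumptions of this example.

```python
import re

# Header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(r"^(\w+) (\w+) (\S+) (\S+) (->|<>) (\S+) (\S+) \((.*)\)$")
FLOW_WORDS = {"to_server": "to_server", "from_client": "to_server",
              "to_client": "to_client", "from_server": "to_client"}

# Rule text as posted in the message above.
SID_1253 = ('alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 '
            '(msg:"TELNET bsd exploit client finishing"; '
            'flow:to_client,established; dsize:>200; '
            'content:"|FF F6 FF F6 FF FB 08 FF F6|"; depth:50; offset:200; '
            'rawbytes; metadata:ruleset community, service telnet; '
            'reference:bugtraq,3064; reference:cve,2001-0554; '
            'reference:nessus,10709; classtype:successful-admin; '
            'sid:1253; rev:21;)')
# Constructed sample whose header and flow agree (server port on the source).
SAMPLE_OK = ('alert tcp $HOME_NET 23 -> $EXTERNAL_NET any '
             '(msg:"constructed sample"; flow:to_client,established; '
             'sid:1000001; rev:1;)')

def flow_direction(options):
    """Direction named by the flow: option, or None if it names none."""
    m = re.search(r"\bflow\s*:\s*([^;]+);", options)
    for word in (m.group(1).split(",") if m else []):
        if word.strip() in FLOW_WORDS:
            return FLOW_WORDS[word.strip()]
    return None

def header_direction(src_port, arrow, dst_port):
    """Assumed heuristic: the side with a fixed port is the server."""
    if arrow == "->" and src_port == "any" and dst_port != "any":
        return "to_server"
    if arrow == "->" and src_port != "any" and dst_port == "any":
        return "to_client"
    return None  # bidirectional or ambiguous header: nothing to compare

def check_rule(rule):
    """Return (header_dir, flow_dir, conflict) for one rule."""
    m = HEADER.match(" ".join(rule.split()))
    if not m:
        raise ValueError("not a single-rule Snort text line")
    hdr = header_direction(m.group(4), m.group(5), m.group(7))
    flow = flow_direction(m.group(8))
    return hdr, flow, None not in (hdr, flow) and hdr != flow

if __name__ == "__main__":
    for name, rule in (("sid 1253", SID_1253), ("sample", SAMPLE_OK)):
        print(name, check_rule(rule))
```

A conflict means the header selects packets travelling one way while flow: only accepts packets travelling the other way, so the rule cannot fire on an established session.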



