[Snort-users] BOHTTP/BrownOrifice/Netscape ServerSocket sigs

Ryan Russell ryan at ...35...
Tue Aug 8 19:24:46 EDT 2000


There's already an advisory out on it as well; it's vulnerable to .. games
in the filenames.  See today's Bugtraq archives.  I assume there is
already a Whitehats rule to catch .. in URLs?

					Ryan

On Tue, 8 Aug 2000, Max Vision wrote:

> Hi,
> 
> I can't find the reference email anywhere but someone asked me if there
> were signatures to detect this.  I have written two, one for the Java
> bytecode download, and another for a successful trojan installation:
> 
> IDS294/trojan-netscape-java-serversocket 
> http://whitehats.com/IDS/294
> 
> IDS295/trojan-netscape-java-brownorifice 
> http://whitehats.com/IDS/295
> 
> Max Vision
> http://whitehats.com/