[Snort-users] a new worm 4 linux - Adore
vision at ...4...
Thu Apr 5 09:49:11 EDT 2001
On Thu, 5 Apr 2001, Max Vision wrote:
> http://whitehats.com/info/IDS457 LPRng-redhat7-overflow-security.is
On closer inspection (oops!) it looks like I did not write this rule, it
was contributed by NIT security. Unfortunately I didn't have time to test
it after it was submitted, and it could use some improvement.
Most notably, the content field should key on the shellcode instead of the
format strings variable area towards the top of the packet.
I will fix this and push the update to the public site in a few minutes.
More information about the Snort-users