[Snort-users] EXPLOIT x86 NOPS

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Fri Apr 6 10:57:05 EDT 2001


On Fri, Apr 06, 2001 at 09:11:10AM -0400, Christopher C. Northrop wrote:
> Group,
> 
> I have received some alerts and I'm not sure if their for real..
> 
> [**] EXPLOIT x86 NOPS [**]
> 04/05-14:58:19.599813 0:40:5:59:D4:82 -> FF:FF:FF:FF:FF:FF
> type:0x800 len:0x107
> X.X.4.10:138 -> X.X.4.255:138 UDP TTL:128 TOS:0x0 ID:26092 IpLen:20
> DgmLen:249 Len: 229

Check the packet traces!

> Any suggestions, please advise.
If you're using binary log format (-b), let snort decode that into legible
packet dumps; the show'em

-- 
ralf.hildebrandt at ...821...                            innominate AG
System Engineer                        Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX  fax: +49.(0)30.308806-698         

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010406/8034bacf/attachment.sig>


More information about the Snort-users mailing list