[Snort-users] EXPLOIT x86 NOPS

Fyodor fygrave at ...121...
Fri Apr 6 11:07:23 EDT 2001


> I have received some alerts and I'm not sure if they're for real..
> 
> [**] EXPLOIT x86 NOPS [**]
> 04/05-14:58:19.599813 0:40:5:59:D4:82 -> FF:FF:FF:FF:FF:FF
> type:0x800 len:0x107
> X.X.4.10:138 -> X.X.4.255:138 UDP TTL:128 TOS:0x0 ID:26092 IpLen:20
> DgmLen:249 Len: 229

That looks interesting; it looks like something is broadcasting UDP/NetBIOS packets in your network which contain 0x90, 0x90. Any chance to log these packets? :)



