[Snort-users] snmpXdmi try2

Brian Caswell bmc at ...312...
Thu Apr 19 02:44:16 EDT 2001


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC snmpXdmi overflow attempt"; flags:a+; content:"|8000 19a0|"; offset:0; depth:4; content:"|0001 8799 0000 0001 0000 0101|"; offset: 16; reference:bugtraq,2417; reference:cve,CAN-2001-0236; classtype:attempted-admin;)

Lets not write rules after eating past midnight again.

-brian




More information about the Snort-users mailing list