[Snort-users] help for FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow
bmc at ...312...
Fri Mar 23 11:26:35 EST 2001
chandrasekhar radhakrishnan wrote:
> I have been using snort-1.6.3.I have tried to test the
> FTP exploit wu-ftpd 2.6.0 site exec overflow.The
> system has failed to detect this.
> Also does this version of snort not take the + option
> for FLAGS parameter.What is the solution to this ; can
> I give all the parameters-UAPRSF12.
UM... Thats why snort doesn't detect it. If you specify any flags, then
the packet MUST have those flags and only those flags. You can modify
that behavior with +, -, and !
If you specify ALL flags, then you are only looking for packets that
have ALL flags set.
Upgrade snort to 1.7.0 so you can support the + option.
If you still have issues, capture raw pcap file (tcpdump -w) and e-mail
that to me. I'll take a look at the rule.
The MITRE Corporation
More information about the Snort-users