[Snort-users] Urgent!! ddos-stacheldraht server-spoof
vision at ...4...
Fri Mar 30 22:37:09 EST 2001
Well, the ICMPID of 666 is certainly suspicious, however now that I look
back at the data, it looks like the packets will usually be padded with
Actually, I think this signature needs to be revised, as now that I think
of it, those "????" in the payload are very familiar... what is that
I will change this rule to include "dsize: >32;" which should mitigate
these until it can be sorted out.