[Snort-users] Shellcode x86 setgid 0
H D Moore
hdm at ...1714...
Sun May 13 11:05:47 EDT 2001
Source port 20 to the high port 61470 indicates that an FTP transfer was
occurring from 184.108.40.206 to 220.127.116.11. The shellcode signature was
triggered by some binary data in the file that happened to match the x86
assembly for setgid0. Gif images and Zip files tend to set mine off all the

On Sunday 13 May 2001 09:41 am, Togan Muftuoglu wrote:
> Although it could be bad traffic (and hopefully false positive) I just
> wanted to be sure. I am using snort 1.8 beta 3 and snort is running on
> the firewall which is masquerading for the local network.
> May 13 13:41:28 gardiyan snort: SHELLCODE x86 setgid 0
> [Classification: \210à^P^H\200¢^T^H¸²^T^H Priority: 10]:
> 18.104.22.168:20 -> 22.214.171.124:61470
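
The triage reasoning in the reply above, written out as an added example that is not part of the original thread or of Snort itself: it parses alert lines in the quoted syslog layout, flags a SHELLCODE alert whose flow looks like an active-mode FTP data channel (source port 20 to a high port), and estimates how often a short fixed byte pattern appears by chance in random-looking file data. The sample alerts, addresses, function names and verdict strings are constructed, and the pattern length is a parameter because the thread does not give the rule's content.

```python
import re

# Constructed sample alerts in the syslog layout quoted in the thread
# (documentation addresses; the ports of the first one mirror the post).
SAMPLE_ALERTS = [
    "May 13 13:41:28 fw snort: SHELLCODE x86 setgid 0 "
    "[Classification: unknown Priority: 10]: 192.0.2.10:20 -> 198.51.100.7:61470",
    "May 13 13:52:03 fw snort: SHELLCODE x86 setgid 0 "
    "[Classification: unknown Priority: 10]: 203.0.113.5:4431 -> 198.51.100.7:21",
]

ALERT_RE = re.compile(
    r"snort: (?P<msg>.+?) \[.*?\]: "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_alert(line):
    """Return message and flow endpoints of one alert line, or None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["sport"], alert["dport"] = int(alert["sport"]), int(alert["dport"])
    return alert

def is_active_ftp_data(alert):
    """Active-mode FTP: the server sends file data from port 20 to a client high port."""
    return alert["sport"] == 20 and alert["dport"] >= 1024

def expected_chance_hits(n_bytes, pattern_len):
    """Expected matches of one fixed pattern in n uniformly random bytes."""
    return max(n_bytes - pattern_len + 1, 0) / 256 ** pattern_len

def triage(line):
    """Hypothetical triage verdict for one alert line."""
    alert = parse_alert(line)
    if alert is None:
        return "unparsed"
    if alert["msg"].startswith("SHELLCODE") and is_active_ftp_data(alert):
        return "review-low: file bytes on FTP data channel"
    return "review-normal"
```

A "review-low" verdict is a prioritisation hint only; confirming it means finding the matching FTP control session (port 21) between the same two hosts and checking which file was transferred.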