[Snort-users] Shellcode x86 setgid 0

Togan Muftuoglu toganm at ...603...
Sun May 13 11:23:23 EDT 2001


* H D Moore <hdm at ...1714...> [010513 18:10]:
> Source port 20 to the high port 61470 indicates that an FTP transfer was
> occurring from 212.156.199.157 to 216.162.197.11.  The shellcode signature was
> triggered by some binary data in the file that happened to match the x86
> assembly for setgid0.  Gif images and Zip files tend to set mine off all the
> time...

I was downloading an iso.gz file, yet this is the first time I am
having this message (actually that was the first time I was using that
downloader, so maybe there could be something with the downloader).

So my guess as a false positive is true.

-- 
Togan Muftuoglu
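
The chance match on binary data described in the quoted reply can be put in numbers. The following is an added example, not part of the original thread: it estimates how often a fixed content pattern appears by chance in compressed (near-uniform) bytes and checks the estimate against a seeded simulation. The 4-byte pattern length, the 650 MiB file size and the 2-byte test pattern are assumptions; the thread gives none of them.

```python
import math
import random


def expected_hits(stream_len: int, pattern_len: int) -> float:
    """Expected chance matches of one fixed pattern in uniform random bytes."""
    positions = max(stream_len - pattern_len + 1, 0)
    return positions / 256 ** pattern_len


def p_at_least_one(stream_len: int, pattern_len: int) -> float:
    """Poisson approximation of P(at least one chance match in the stream)."""
    return 1.0 - math.exp(-expected_hits(stream_len, pattern_len))


def count_hits(data: bytes, pattern: bytes) -> int:
    """Count occurrences at every offset, the way an unanchored content match sees them."""
    hits, pos = 0, data.find(pattern)
    while pos != -1:
        hits += 1
        pos = data.find(pattern, pos + 1)
    return hits


def simulate_mean_hits(stream_len: int, pattern: bytes, trials: int, seed: int = 1) -> float:
    """Mean hit count over seeded pseudo-random streams standing in for compressed data."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        stream = rng.getrandbits(8 * stream_len).to_bytes(stream_len, "little")
        total += count_hits(stream, pattern)
    return total / trials


if __name__ == "__main__":
    MIB = 2 ** 20
    # Assumed: a 4-byte content pattern and a 650 MiB compressed image.
    print("expected hits per file :", round(expected_hits(650 * MIB, 4), 4))
    print("P(at least one alert)  :", round(p_at_least_one(650 * MIB, 4), 4))
    # Constructed 2-byte pattern so the simulation finishes quickly.
    print("model, 2 bytes in 1 MiB:", round(expected_hits(MIB, 2), 2))
    print("simulated mean         :", simulate_mean_hits(MIB, b"\x12\x34", 30))
```

Under these assumptions a single large compressed download has roughly a one-in-seven chance of tripping such a rule, and every byte removed from the pattern multiplies the rate by 256.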




