[Snort-users] Shellcode x86 setgid 0

Lance Spitzner lance at ...2024...
Sun May 13 13:49:43 EDT 2001


On Sun, 13 May 2001, H D Moore wrote:

> Source port 20 to the high port 61470 indicates that a FTP transfer was
> occuring from 212.156.199.157 to 216.162.197.11.  The shellcode signature was
> triggered by some binary data in the file that happened to match the x86
> assembly for setgid0.  Gif images and Zip files tend to set mine off all the
> time...

So does Bugtraq email and Word .doc's that have content describing exploit
attacks :)

lance





More information about the Snort-users mailing list