[Snort-users] SHELLCODE Attacks
mkettler at ...4108...
Fri Dec 5 14:38:01 EST 2003
At 05:16 PM 12/5/2003, Jeff wrote:
>The reasons for excluding webserver ports are that certain binary data can
>resemble shellcode. For example, a GIF color table can look like a NOP
>sled. Also, if you're using curses over telnet, it can also resemble
Agreed... And for reference, even though the ruleset in snort 2.0.5 is
broken (ie: http exclusion on the wrong side) this appears to be fixed in
snortrules-current and snortrules-stable, on the website.
More information about the Snort-users