[Snort-users] Anyone got a rule for the latest Cisco bug?

Brian bmc at ...950...
Thu Jul 17 18:06:15 EDT 2003


On Fri, Jul 18, 2003 at 10:12:09AM +1200, Jason Haar wrote:
> Apparently some hacked IPv4 packet sent at a Cisco router's actual IP
> address can cause a table to fill up - causing the router to become unusable.

Well, you should have done this a long time ago.  Standard policy based IDS.

  alert ip ![$ROUTERS,$ADMINS] any -> $ROUTERS any (msg:"evil router foo";)

-brian




More information about the Snort-users mailing list