[Snort-users] Heap Spray String Floods

Matt Olney molney at ...1935...
Thu Feb 17 11:55:17 EST 2011

That's an Emerging Threats rule, not a VRT rule.  However, we have found
that the heap spray detection like these very useful and accurate.  Do you
have the packet payload that triggered these alerts?

On Thu, Feb 17, 2011 at 11:45 AM, Michael Lubinski <
michael.lubinski at ...11827...> wrote:

> After updating the rules today I have noticed a few hundred and counting ET
> Heap Spray alerts (see attached picture);
> My Snort VM is residing at the .200 IP.
> The laptop I am using is the .104
> Anyone have any ideas? I think it is related to the snort signature update,
> maybe something went amiss, not sure.
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110217/90a33eca/attachment.html>

More information about the Snort-users mailing list