[Snort-users] Heap Spray String Floods

Michael Lubinski michael.lubinski at ...11827...
Thu Feb 17 12:05:07 EST 2011


two payloads

On Thu, Feb 17, 2011 at 10:55 AM, Matt Olney <molney at ...1935...> wrote:

> That's an Emerging Threats rule, not a VRT rule.  However, we have found
> that heap spray detections like these are very useful and accurate.  Do you
> have the packet payload that triggered these alerts?
>
>  On Thu, Feb 17, 2011 at 11:45 AM, Michael Lubinski <
> michael.lubinski at ...11827...> wrote:
>
>>  After updating the rules today I have noticed a few hundred and counting
>> ET Heap Spray alerts (see attached picture);
>>
>> My Snort VM is residing at the .200 IP.
>> The laptop I am using is the .104
>>
>> Anyone have any ideas? I think it is related to the snort signature
>> update, maybe something went amiss, not sure.
>>
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: payload_51-2653.zip
Type: application/zip
Size: 1364 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110217/18224ca0/attachment.zip>

