Snort mailing list archives
RE: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results
From: "Smith, Donald" <Donald.Smith () qwest com>
Date: Fri, 18 Jul 2003 13:17:31 -0600
The content is very easy to change :-) It's just a for loop incrementing by 1.
Also, a number of people have posted sigs that are not only matching based on IP protocol number, but also on content. Obviously this will only catch the *tool* being used, and not the *exploit* which is far
_Excellent_ point. It might even make sense to use both sets of rules; the content-specific rules to identify that the original tool is being used, and the more generic protocol-only rules afterwards to show that someone's trying to exploit those protocols, but they're using a different tool.

Cheers,
- Bill

---------------------------------------------------------------------------
"Cogito ergo sum...cogito."
(Courtesy of Bob Hillery <rhillery () tec nh us>)
---------------------------------------------------------------------------
William Stearns (wstearns () pobox com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
---------------------------------------------------------------------------
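The two-tier idea discussed in this thread, as an added example that is not part of the original messages and not Snort's own code: a content-specific check runs first and a protocol-only check catches whatever it misses. The protocol numbers (253 and 254, the values reserved for experimentation), the payload bytes, and all names and addresses are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed stand-ins: the thread does not list the real protocol numbers
# or the tool's payload, so experimental values are used here.
WATCHED_PROTOCOLS = {253, 254}
TOOL_PAYLOAD = bytes(range(16))  # hypothetical fixed content emitted by the tool


@dataclass
class Packet:
    src: str
    ip_proto: int
    payload: bytes


def classify(pkt):
    """Return the most specific tier that matches, or None for other traffic."""
    if pkt.ip_proto not in WATCHED_PROTOCOLS:
        return None
    # Tier 1: content-specific rule, identifies the known tool.
    if TOOL_PAYLOAD in pkt.payload:
        return "known-tool"
    # Tier 2: protocol-only rule, still fires when the content was changed.
    return "protocol-only"


def summarize(packets):
    """Count alerts per source address and tier."""
    counts = {}
    for pkt in packets:
        tier = classify(pkt)
        if tier is None:
            continue
        per_src = counts.setdefault(pkt.src, {"known-tool": 0, "protocol-only": 0})
        per_src[tier] += 1
    return counts


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.0.2.10", 253, TOOL_PAYLOAD + b"\x00" * 4),  # unmodified tool
    Packet("192.0.2.10", 254, TOOL_PAYLOAD),                # unmodified tool
    Packet("198.51.100.7", 253, bytes(range(1, 17))),       # content altered
    Packet("203.0.113.5", 6, TOOL_PAYLOAD),                 # TCP, not watched
]

if __name__ == "__main__":
    for src, tiers in summarize(SAMPLE).items():
        print(src, tiers)
```

A source that shows only protocol-only alerts is the case the thread describes: the watched protocols are being sent, but not with the original tool's content.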