Dailydave mailing list archives
Re: The Hydrogen hundred dollar challenge
From: Dave Aitel <dave () immunitysec com>
Date: Tue, 12 Apr 2005 12:01:06 -0400
Brian wrote:

> On Mon, Apr 11, 2005 at 11:49:15PM -0400, Dave Aitel wrote:
>> Anyways, I will give $100 dollars to the first person who posts a snort or nfr signature that can detect my private (slightly modded) version of Hydrogen. (i.e. make it reasonably generic, and let's not have it false-positive every time I browse the web). The idea here is to show that everything doesn't have to be spoon-fed to you Gerber-style.
>
> Does my 30 second grep of your code get me a beer?
>
> On a valid tcp session:
> if (first packet from client 4 bytes in length, store that as A) and
> if (next packet from client, A bytes in length) and
> if (first packet from server, 4 bytes in length, store that as B) and
> if (next packet from server, B bytes in length)
> Say "Hi dave!"
>
> Brian

If you can cut that into a snort sig that I can test then I'd certainly pony up one 100 dollar beer :>. There might be a lot of protocols that do this sort of thing - like BO2K, H doesn't have a default port. Also, TCP isn't packet based...so I'd want to test to make sure Hydrogen really does send packets that big all at once. I usually assume a 512 MTU, since that's what I use when I'm hacking. :>
-dave
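
Brian's four-step rule from the message above, as an added example that is not part of the original thread, next to a variant that applies the same rule to the reassembled TCP stream so that it still matches when the data is segmented, the concern Dave raises. The byte order of the 4-byte length, the `MAX_FRAME` cap, the helper names and the sample sessions are assumptions constructed for this example, not taken from Hydrogen.

```python
import struct

BYTE_ORDER = ">I"    # assumption: the thread does not give the byte order
MAX_FRAME = 1 << 20  # assumption: cap on a plausible declared length

def packet_rule(segs):
    """Brian's rule for one direction, applied to raw TCP segments."""
    if len(segs) < 2 or len(segs[0]) != 4:
        return False
    (declared,) = struct.unpack(BYTE_ORDER, segs[0])
    return len(segs[1]) == declared

def stream_rule(segs):
    """Same rule on the reassembled stream: one or more
    [4-byte length][payload] frames, however TCP segmented them."""
    data = b"".join(segs)
    off = frames = 0
    while off + 4 <= len(data):
        (declared,) = struct.unpack_from(BYTE_ORDER, data, off)
        if not 0 < declared <= MAX_FRAME:
            return False              # implausible header: not this framing
        if off + 4 + declared > len(data):
            break                     # last frame still in flight
        off += 4 + declared
        frames += 1
    return frames >= 1

def session_matches(rule, client_segs, server_segs):
    """Both directions of the session must satisfy the rule."""
    return rule(client_segs) and rule(server_segs)

def frame(payload):
    return struct.pack(BYTE_ORDER, len(payload)) + payload

def split(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]

# Constructed sample sessions: (client segments, server segments)
IDEAL = ([struct.pack(BYTE_ORDER, 40), b"A" * 40],
         [struct.pack(BYTE_ORDER, 16), b"B" * 16])
SEGMENTED = (split(frame(b"A" * 1200), 512), split(frame(b"B" * 900), 512))
HTTP = ([b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"],
        [b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"])

if __name__ == "__main__":
    for name, (c, s) in (("ideal", IDEAL), ("segmented", SEGMENTED), ("http", HTTP)):
        print(name, session_matches(packet_rule, c, s),
              session_matches(stream_rule, c, s))
```

The per-packet rule only matches when each length and each payload arrive in their own segment; the stream variant matches both framed sessions and rejects the HTTP sample because `GET ` and `HTTP` decode to lengths far above the cap.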