Snort mailing list archives
Re: Shellcode x86 setgid 0
From: Lance Spitzner <lance () honeynet org>
Date: Sun, 13 May 2001 12:49:43 -0500 (CDT)
On Sun, 13 May 2001, H D Moore wrote:
Source port 20 to the high port 61470 indicates that an FTP transfer was occurring from 212.156.199.157 to 216.162.197.11. The shellcode signature was triggered by some binary data in the file that happened to match the x86 assembly for setgid0. Gif images and Zip files tend to set mine off all the time...
So does Bugtraq email and Word .doc's that have content describing exploit attacks :)

lance
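The false positive discussed in this thread, as an added example that is not part of the original posts or of Snort itself: a short byte-pattern match over a file transfer, the chance-hit rate for such a pattern, and a triage check for FTP data connections. The four-byte pattern, the function names and the sample payload are assumptions made for illustration; the posts do not quote the rule.

```python
import random

# Assumed 4-byte content match for an "x86 setgid 0" rule
# (mov al,0xb5 ; int 0x80). The posts do not quote the rule itself.
SETGID0 = bytes.fromhex("b0b5cd80")
FTP_DATA_PORT = 20  # active-mode FTP data connections originate from port 20


def count_hits(payload: bytes, pattern: bytes = SETGID0) -> int:
    """Count occurrences of pattern in payload, overlapping ones included."""
    hits, pos = 0, payload.find(pattern)
    while pos != -1:
        hits += 1
        pos = payload.find(pattern, pos + 1)
    return hits


def expected_chance_hits(n_bytes: int, pattern_len: int = len(SETGID0)) -> float:
    """Expected matches in n_bytes of uniformly random data.

    Compressed files (GIF, ZIP) are treated as roughly uniform, which is
    an approximation.
    """
    positions = max(n_bytes - pattern_len + 1, 0)
    return positions / 256 ** pattern_len


def triage(src_port: int, dst_port: int, payload: bytes) -> str:
    """Label a pattern hit using the port reasoning given in the thread."""
    if count_hits(payload) == 0:
        return "no-match"
    if src_port == FTP_DATA_PORT and dst_port > 1023:
        return "likely-false-positive: FTP data transfer"
    return "review"


def constructed_file_chunk(size: int = 4096, seed: int = 2001) -> bytes:
    """Constructed sample: pseudo-random 'file' bytes that happen to contain
    the pattern, standing in for a chunk of a GIF or ZIP in transit."""
    rng = random.Random(seed)
    body = bytearray(rng.getrandbits(8) for _ in range(size))
    body[1000:1004] = SETGID0
    return bytes(body)


if __name__ == "__main__":
    chunk = constructed_file_chunk()
    print(triage(20, 61470, chunk))            # ports from the quoted alert
    print(expected_chance_hits(700 * 2**20))   # one CD-sized transfer
```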