Snort mailing list archives
Suggested Sig for Cisco DOS Vulnerability
From: "Compton, Rich" <RCompton () chartercom com>
Date: Fri, 18 Jul 2003 00:57:39 -0500
Hey guys,

Doesn't look like an exploit exists as of yet but Cisco just released what IP protocols cause the DOS so it won't be long until there is one! Here's what I'm using to try to identify this traffic:

alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 53 Cisco DOS Packet"; ip_proto: 53; classtype:denial-of-service;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 55 Cisco DOS Packet"; ip_proto: 55; classtype:denial-of-service;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 77 Cisco DOS Packet"; ip_proto: 77; classtype:denial-of-service;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 103 Cisco DOS Packet"; ip_proto: 103; classtype:denial-of-service;)

Here's the Cisco advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

-Rich Compton
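The same protocol-number check as the four rules above, written as an offline triage script for captured IPv4 headers. This is an added example, not part of the original post: the function names, the sample addresses and the sample headers are constructed for illustration. Protocol 103 is PIM, so hits on it can be legitimate traffic where multicast routing is in use.

```python
import struct
from collections import Counter

# The four IP protocol numbers from the rules above, with their IANA names.
WATCHED_PROTOCOLS = {53: "SWIPE", 55: "MOBILE", 77: "SUN-ND", 103: "PIM"}


def watched_protocol(packet: bytes):
    """Return the IP protocol number if this IPv4 packet carries a watched
    protocol, else None. Truncated or non-IPv4 input returns None."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    proto = packet[9]  # protocol field is byte 9 of the IPv4 header
    return proto if proto in WATCHED_PROTOCOLS else None


def summarize(packets):
    """Count matching packets per (source address, protocol number)."""
    hits = Counter()
    for pkt in packets:
        proto = watched_protocol(pkt)
        if proto is not None:
            src = ".".join(str(b) for b in pkt[12:16])
            hits[(src, proto)] += 1
    return hits


def sample_header(src, dst, proto):
    """Constructed 20-byte IPv4 header for test input (checksum left zero)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       addr(src), addr(dst))


# Constructed sample input using documentation address ranges.
SAMPLE = [
    sample_header("192.0.2.10", "198.51.100.1", 6),     # TCP, ignored
    sample_header("192.0.2.10", "198.51.100.1", 53),
    sample_header("192.0.2.10", "198.51.100.1", 53),
    sample_header("203.0.113.7", "198.51.100.1", 103),
    sample_header("203.0.113.7", "198.51.100.1", 17),   # UDP, ignored
    b"\x45\x00",                                        # truncated, ignored
]

if __name__ == "__main__":
    for (src, proto), count in sorted(summarize(SAMPLE).items()):
        print(f"{src} proto {proto} ({WATCHED_PROTOCOLS[proto]}): {count}")
```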