Snort mailing list archives
Re: Suggested Sig for Cisco DOS Vulnerability
From: "Muenz, Michael" <linux () leute server de>
Date: Fri, 18 Jul 2003 14:57:55 +0200
Hey guys, Doesn't look like a exploit exists as of yet but Cisco just released what
IP
protocols cause the DOS so it won't be long until there is one!
On heise.de ... a public german IT News site they told about exploits found in the wild.
Here's what I'm using to try to identify this traffic: alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 53 Cisco DOS Packet"; ip_proto: 53; classtype:denial-of-service;) alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 55 Cisco DOS Packet"; ip_proto: 55; classtype:denial-of-service;) alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 77 Cisco DOS Packet"; ip_proto: 77; classtype:denial-of-service;) alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Protocol 103 Cisco
DOS
Packet"; ip_proto: 103; classtype:denial-of-service;)
proto 53 is very noisy in my network. In my list it's only called "SWIPE - IP with Encryption". - Michael ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suggested Sig for Cisco DOS Vulnerability Compton, Rich (Jul 18)
- Re: Suggested Sig for Cisco DOS Vulnerability Muenz, Michael (Jul 18)
- Re: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability Michael Scheidell (Jul 18)
- RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability Eric Hines (Jul 18)
- Re: Suggested Sig for Cisco DOS Vulnerability Brian (Jul 18)
- Compile problems with SNOT Eric Hines (Jul 18)