Snort mailing list archives
RE: Undocumented SIDs
From: "Willy, Andrew" <AWilly () eSMIL net>
Date: Thu, 21 Jul 2005 13:55:01 -0700
I'm using the general signatures from Sourcefire. I read that the exploit can impact memory on the target device, DoS style, but other than an old version of Apache I can't find out what is vulnerable. It seems like an antiquated exploit but I'm concerned at how many we're suddenly receiving, and from the variety of origins. Thank you, Andrew -----Original Message----- From: Ron [mailto:iago () valhallalegends com] Sent: Thursday, July 21, 2005 1:43 PM To: Willy, Andrew Subject: Re: [Snort-users] Undocumented SIDs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Bleeding-Snort (www.bleedingsnort.org) triggers an incoming worm attack rule for this. If it's the same one I've been seeing, it's an exploit versus IIS. But the general signature doesn't say that, it just detects a very long URI, which can mean anything. Willy, Andrew wrote:
List, Do any of you know off-hand a good place to get information on the alerts that aren't documented, such as OVERSIZE REQUEST-URI DIRECTORY, etc. I Googled away and did not find anything comprehensive. Thanks Andrew
NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to support () esmil com - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- <Possible follow-ups>
- Re: Undocumented SIDs Nigel Houghton (Jul 21)
- Undocumented SIDs Willy, Andrew (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)
- Re: Undocumented SIDs M. Shirk (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)