Snort mailing list archives
Re: possible exploit
From: Robert T Wyatt <robert.wyatt () mail utexas edu>
Date: Wed, 15 Feb 2006 12:39:43 -0600
Frank Knobbe wrote:
Your Snort didn't alert on that? Mine do all the time. It's SID 1250 (web-misc.rules). You might want to check your config to see if this rule file is loaded and to ensure you don't miss other sigs too.
Patrick S. Harper wrote: > Old Cisco exploit. I saw a bunch of them not too long ago. > > http://isc.sans.org/diary.php?storyid=1104Thanks folks, I think it must have happened right when I was restarting snort after a rule update.
I will watch for this in the future to ensure that my setup is correct. Thanks again, Robert ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- possible exploit Robert T Wyatt (Feb 15)
- RE: possible exploit Patrick S. Harper (Feb 15)
- Re: possible exploit Frank Knobbe (Feb 15)
- Re: possible exploit Robert T Wyatt (Feb 15)
- Re: possible exploit Robert T Wyatt (Feb 16)
- Re: possible exploit Robert T Wyatt (Feb 15)