Re: possible exploit

[Robert T Wyatt <robert.wyatt () mail utexas edu>]

Frank Knobbe wrote:
> Your Snort didn't alert on that? Mine do all the time. It's SID 1250
> (web-misc.rules). You might want to check your config to see if this
> rule file is loaded and to ensure you don't miss other sigs too.

Patrick S. Harper wrote:
> Old Cisco exploit.  I saw a bunch of them not too long ago.
>
> http://isc.sans.org/diary.php?storyid=1104

Thanks folks, I think it must have happened right when I was restarting 
snort after a rule update.

I will watch for this in the future to ensure that my setup is correct.

Thanks again,
Robert


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users