snort rule

[lokesh sharma <lokeshpunjabi_1984 () yahoo com au>]

can you help me
  to write rules regarding DHCP
  The rule is
  "detect all attempts to exploit this vulnerability. In particular, it should detect attempts by any computer making 
DHCP requests where hte Hlen field has an invalid value, and where the following byte-code sequence is found anywhere 
in the Sname or File fields. The byte-code sequence should not be matched in any other field of the request. The 
byte-code sequence (in hexadecimal) is:
  01 48 23 87 AB 1F FA 2C 9A 00 00 00 00 21 FF FF
   on detecction of such attack attempts, your rule should generate an alert with the message:
  "DHCP Service invalid input HLen attack detected".
   
  thanx

       
---------------------------------
Get the World's number 1 free email service. Find out more.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users