Snort mailing list archives

Increase in ASN.1 alerts

From: Joe Gedeon <joe.gedeon () gmail com>
Date: Wed, 2 Feb 2011 12:53:27 -0500

Has anyone else noticed an increase in the number of alerts for
SPECIFIC-THREATS ASN.1 constructed bit string?  The payload seems
different than the kill-bill script.

An example can be found here.
http://pastebin.com/y9jAigbb

Sincerely,
Joe

-- 
Registered Linux User # 379282

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Increase in ASN.1 alerts Joe Gedeon (Feb 02)
- Re: Increase in ASN.1 alerts Michael Scheidell (Feb 02)
- Reliability of signatures Fraser, Hugh (Feb 04)
  - Re: Reliability of signatures Martin Holste (Feb 04)
    - Re: Reliability of signatures Matt Olney (Feb 04)
    - Re: Reliability of signatures Jim Hranicky (Feb 04)
    - Re: Reliability of signatures Matt Olney (Feb 04)
    - Re: Reliability of signatures Martin Holste (Feb 04)
    - Re: Reliability of signatures Jim Hranicky (Feb 04)
    - Re: Reliability of signatures Martin Roesch (Feb 04)
    - Re: Reliability of signatures Joel Esler (Feb 04)

(Thread continues...)