Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Secuirty Hole Found In Dave's Sock

From: Jackson McKinley <saintau () sdf lonestar org>
Date: Fri, 9 Sep 2005 04:19:04 +0000

alert leg $RIGHT_FOOT any -> any toe (msg: "Suspect traffic - Sock hole exploit"; 
content:"%48%61%63%6b%69%6e%67%20%74%68%65%20%73%6f%63%6b%20%6d%61%6e%21"; classtype: misc-activity; si
d: 2001842; rev:4; )
alert leg $BOTH_LEGS any -> any foot/toe/leg (msg: "Attempted exploiting of the toe, sock or leg"; 
content:"%68%61%63%6b%69%6e%67%20%74%68%65%20%66%6f%6f%74%2c%20%74%6f%65%2c%20%6c%65%67%2e%2e%20%6f%68%20%6d%79%20%74%6f%65%20%74%68%65%79%20%68%61%76%65%20%61%20%63%72%65%61%6d%20%66%6f%72%20%74%68%61%74%20%6e%6f%77";
 
Classtype: mis$: misc-activity; sid: 2001842; rev:4; )


Could this be related to socks disappearing?  Anybody have signatures
for snort?

John

-- 
saintau () sdf lonestar org
SDF Public Access UNIX System - http://sdf.lonestar.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: