Snort mailing list archives

Re: snort attacks


From: Max Vision <vision () whitehats com>
Date: Tue, 29 May 2001 14:26:08 -0700 (PDT)


You would need to consider the context and additional details surrounding
this alert.  What service was receiving this packet (as judged by the port
numbers)?  What OS is the machine running?  What were the contents of the
packet?  Were there other probes from the same source IP that preceded
this alert, like a portmap probe?

Also, what is the unicode reference?  Can you post the rule you used that
caused this?

Max

On Tue, 29 May 2001, Steve Moran wrote:
Where can I find a description of the attacks or the exploit someone is
trying to use?  For example, if I see this type of attack is occurring
x86 NOOP - unicode BUFFER OVERFLOW ATTACK

How would I know what they are trying for?


