Snort mailing list archives
Re: DOS MSDTC attempt false positive
From: Bill McCarty <bmccarty () apu edu>
Date: Sat, 11 May 2002 19:27:56 -0700
Yes, I've got it wrong. In the clarity of daylight, I find that I've confused the "DOS MSDTC" signature with the "DOS Bay/Nortel Nautica Marlin." The latter is apparently subject to false positives due to the problem I mentioned.
Sorry for the false lead!--On Saturday, May 11, 2002 11:55 AM -0400 Matt Kettler <mkettler () evi-inc com> wrote:
Actualy I just checked with bugtraq, this exploit takes at least 1024 bytes of data to cause the crash so the "0 bytes" idea bill had is a red herring. The rule is valid as it stands with dsize >1023. http://online.securityfocus.com/bid/4006/discussion/
--------------------------------------------------- Bill McCarty, Ph.D. Associate Professor of Web & Information Technology School of Business and Management Azusa Pacific University _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)
- Re: DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Roberto Suarez Soto (May 09)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 10)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)