Snort mailing list archives
snort sigs for Solaris login exploit?
From: Russell Fulton <r.fulton () auckland ac nz>
Date: 26 Apr 2002 14:36:35 +1200
Hi All, Does anyone have snort signatures for the solaris login exploit posted to bugtraq on 14th of March? We had a solaris 8 box rooted last night and this exploit is top candidate. The attack did register with snort but as lots of failed telnet logins and an 'ATTACK RESPONSES id check returned root'. The attack was an iterated attempts to port 23 interspersed with attempts to connect to 2001. No, I don't have any packets captures of the attack, just the responses that snort recorded. I am currently trying to get hold of the exploit so I can do a packet capture of the exploit code and will forward this to the list so someone with more experience than me can develop a signature. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort sigs for Solaris login exploit? Russell Fulton (Apr 25)
- Re: [unisog] Solaris system compromised via telnet. New exploit? Andreas Östling (Apr 26)