Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort sigs for Solaris login exploit?

From: Russell Fulton <r.fulton () auckland ac nz>
Date: 26 Apr 2002 14:36:35 +1200
Hi All,
        Does anyone have snort signatures for the solaris login exploit posted
to bugtraq on 14th of March?

We had a solaris 8 box rooted last night and this exploit is top
candidate.  The attack did register with snort but as lots of failed
telnet logins and an 'ATTACK RESPONSES id check returned root'.

The attack was an iterated attempts to port 23 interspersed with
attempts to connect to 2001.

No, I don't have any packets captures of the attack, just the responses
that snort recorded.

I am currently trying to get hold of the exploit so I can do a packet
capture of the exploit code and will forward this to the list so someone
with more experience than me can develop a signature.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: