Snort mailing list archives

Re: Suspicious Traffic

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 25 Jun 2004 14:24:31 -0400

At 08:25 PM 6/24/2004, ISP Toolz wrote:

Have any of you seen any traffic similar to this or do you know whatexploit or script that was used to try and overflow this system. Thanks.


First a link to the sig docs:
        http://www.snort.org/snort-db/sid.html?sid=2256

Second, it is probably a result of this tool:
http://www.securityfocus.com/archive/1/338112
http://www.metasploit.com/tools/rootdown.pl

Certainly the repeated presence of "exploit" in the packet is typical ofthe default output of this script.



There's also a newer packaging of it as a multi-exploit tool:

http://www.securityfocus.com/archive/1/359765



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.

Attend Black Hat Briefings & Training, Las Vegas July 24-29 -digital self defense, top technical experts, no vendor pitches,unmatched networking opportunities. Visit www.blackhat.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Suspicious Traffic ISP Toolz (Jun 24)
- Re: Suspicious Traffic Matt Kettler (Jun 25)