Snort mailing list archives
Re: Suspicious Traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 25 Jun 2004 14:24:31 -0400
At 08:25 PM 6/24/2004, ISP Toolz wrote:
Have any of you seen any traffic similar to this or do you know what exploit or script that was used to try and overflow this system. Thanks.
First a link to the sig docs: http://www.snort.org/snort-db/sid.html?sid=2256 Second, it is probably a result of this tool: http://www.securityfocus.com/archive/1/338112 http://www.metasploit.com/tools/rootdown.plCertainly the repeated presence of "exploit" in the packet is typical of the default output of this script.
There's also a newer packaging of it as a multi-exploit tool: http://www.securityfocus.com/archive/1/359765 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training.Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suspicious Traffic ISP Toolz (Jun 24)
- Re: Suspicious Traffic Matt Kettler (Jun 25)