Snort mailing list archives

FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606

From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 27 Jul 2010 09:18:27 +1200

I am seeing lots of hits on this rule -- mostly from local ISP addresses which strongly suggests that they are FPs.

sample packet:

16030100300B9BFA00AD
D1DC979808E896F4E7CF
1B85338B5531AF7CF07A
805C0320F78A1929FFEC
B2E2CCA7F1764DBDABFC
7A0A0B


I have lots more sample if anyone wants them -- getting a full session capture might be possible too if needed.


Russell Fulton

Information Security Officer, The University of Auckland
New Zealand




------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 Russell Fulton (Jul 26)
- Re: FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 L0rd Ch0de1m0rt (Jul 27)
  - Re: FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 Alex Kirk (Jul 27)