Snort mailing list archives
FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 27 Jul 2010 09:18:27 +1200
I am seeing lots of hits on this rule -- mostly from local ISP addresses which strongly suggests that they are FPs. sample packet: 16030100300B9BFA00AD D1DC979808E896F4E7CF 1B85338B5531AF7CF07A 805C0320F78A1929FFEC B2E2CCA7F1764DBDABFC 7A0A0B I have lots more sample if anyone wants them -- getting a full session capture might be possible too if needed. Russell Fulton Information Security Officer, The University of Auckland New Zealand ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 Russell Fulton (Jul 26)
- Re: FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 L0rd Ch0de1m0rt (Jul 27)