Snort mailing list archives
Re: Incorrect SID Information
From: beenph <beenph () gmail com>
Date: Wed, 5 Dec 2012 18:53:25 -0500
On Wed, Dec 5, 2012 at 5:48 PM, Turnbough, Bradley E. <bturnbough () belcan com> wrote:
Service Pack 4 on Windows 2000 Service Pack 4 — Download the update Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows
2000 Service Pack 4 — Download the update
Microsoft Internet Explorer 6 for Windows XP Service Pac
The rule information itself seems accurate in the rule itself.

binf@SINGULAR:~/SNORT/etc/rules$ grep -r "11257" *.rules
browser-ie.rules:# alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt"; flow:to_client,established; file_data; content:"<colgroup"; fast_pattern:only; pcre:"/<colgroup\s+[^>]*id\s*=\s*(?P<q1>\x22|\x27|)(?P<q2>\w+)(?P=q1)[^>]*>.*\s+(?P=q2)(\.delete)|(\.test)/smi"; metadata:policy security-ips drop, service http, service imap, service pop3; reference:bugtraq,23771; reference:cve,2007-0944; reference:url, technet.microsoft.com/en-us/security/bulletin/ms07-027; classtype:attempted-user; sid:11257; rev:7;)
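An added example, not part of the original message and not Snort's own code: `grep -r "11257"` matches any line that contains those digits, so this sketch looks a rule up by its exact `sid` option and extracts `rev`, the `reference` entries and whether the rule is commented out, the fields one would check against a SID's documentation. The first sample line is the rule from the grep output above, the second is a constructed decoy, and the function names are hypothetical.

```python
import re

# Sample input: the rule quoted in the message, followed by a constructed decoy
# whose content and sid merely contain the digits "11257".
SAMPLE_RULES = r'''
# alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt"; flow:to_client,established; file_data; content:"<colgroup"; fast_pattern:only; pcre:"/<colgroup\s+[^>]*id\s*=\s*(?P<q1>\x22|\x27|)(?P<q2>\w+)(?P=q1)[^>]*>.*\s+(?P=q2)(\.delete)|(\.test)/smi"; metadata:policy security-ips drop, service http, service imap, service pop3; reference:bugtraq,23771; reference:cve,2007-0944; reference:url, technet.microsoft.com/en-us/security/bulletin/ms07-027; classtype:attempted-user; sid:11257; rev:7;)
alert tcp any any -> any any (msg:"constructed decoy \; with escaped semicolon"; content:"11257"; sid:1112570; rev:1;)
'''

# Optional leading '#' (disabled rule), rule header, then the option body in parentheses.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<hdr>(?:alert|log|pass|drop|reject|sdrop)\s[^(]*)\((?P<opts>.*)\)\s*$')

def split_options(body):
    """Split the option body on ';', skipping quoted strings and backslash escapes."""
    opts, cur, quoted, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == '\\' and i + 1 < len(body):   # keep an escaped character with its backslash
            cur.append(body[i:i + 2]); i += 2; continue
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            opts.append(''.join(cur).strip()); cur = []
        else:
            cur.append(ch)
        i += 1
    return [o for o in opts if o]

def parse_rule(line):
    """Return enabled/msg/sid/rev/references for one rule line, or None if not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {'enabled': m.group('off') is None, 'references': []}
    for opt in split_options(m.group('opts')):
        key, _, val = opt.partition(':')
        key, val = key.strip(), val.strip()
        if key == 'reference':
            system, _, ident = val.partition(',')
            rule['references'].append((system.strip(), ident.strip()))
        elif key in ('sid', 'rev'):
            rule[key] = int(val)
        elif key == 'msg':
            rule[key] = val.strip('"')
    return rule

def find_sid(text, sid):
    """Exact-match lookup on the sid option, unlike a substring grep."""
    return [r for r in map(parse_rule, text.splitlines()) if r and r.get('sid') == sid]
```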
Current thread:
- Incorrect SID Information Turnbough, Bradley E. (Dec 05)
- Re: Incorrect SID Information beenph (Dec 05)