Snort mailing list archives

Re: Help


From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Tue, 7 Apr 2020 11:23:24 -0400

If you're looking for examples of how this can be blocked, there are
several existing rules in the Talos Snort Ruleset that alert:
19013
2337
45612

(648 just detects the shellcode and 518 just detects that this is a tftp
write)

==========================================================
Alerts:
==========================================================
        tftp-wrq-filename-overflow.pcap
                1:19013:9 PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
                1:2337:23 PROTOCOL-TFTP PUT filename overflow attempt
                1:648:18 INDICATOR-SHELLCODE x86 NOOP
                1:518:16 PROTOCOL-TFTP Put
                1:45612:2 PROTOCOL-TFTP WRITE long filename attempt
==========================================================

On Wed, Apr 1, 2020 at 12:34 PM Rohit Khosla via Snort-sigs <
snort-sigs () lists snort org> wrote:

Please unsubscribe.

On Wed, Apr 1, 2020 at 5:03 PM <snort-sigs-request () lists snort org> wrote:

Send Snort-sigs mailing list submissions to
        snort-sigs () lists snort org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.snort.org/mailman/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
        snort-sigs-request () lists snort org

You can reach the person managing the list at
        snort-sigs-owner () lists snort org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."


Today's Topics:

   1. (no subject) (Boroboro Yokotero)


----------------------------------------------------------------------

Message: 1
Date: Wed, 01 Apr 2020 01:24:49 +0300
From: Boroboro Yokotero <yokotero () yandex ru>
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] (no subject)
Message-ID: <8306271585693391 () iva8-bad53723c646 qloud-c yandex net>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <
https://lists.snort.org/pipermail/snort-sigs/attachments/20200401/a6bb0894/attachment-0001.htm


------------------------------

Subject: Digest Footer

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
http://www.snort.org

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette

Please visit http://blog.snort.org for the latest news about Snort!


------------------------------

End of Snort-sigs Digest, Vol 35, Issue 1
*****************************************


Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most emerging threats
(https://snort.org/downloads/#rule-downloads)!
