On Thu, 14 Oct 2004 15:13:12 -0500
"Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland@erdc.usace.army.mil>
wrote:
I am getting alerts on sid 2000425 - the downloading for the NE and ELF
ELF is the standard binary format for execuatble binaries on
most UNix platforms (Linux, Solaris, *BSD etc).
NE (I think) it the executable format for IBM's OS/2 and some
driver level stuff in windows.
formats. Are these something I need to worry about?
That depends. Should your machines be sending/receiving these
things? If you have linux machines hosting web space for external
users, then it would be reasonable for those users to be ftping
linux binary files (ie binary CGI programs) to the the web server.
There are a whole bunch of other scenarios where ELF binaries are
not appropriate.
I mean - is there
something particularly malicious about these formats??
Only as malicious as any other binary. That can range from
calculator.exe on windows through to backorifice.
Basically you need more information to figure out if there
is a threat. You would need source and destination IP/port,
the name of the binary file or better yet the binary file
itself.
Erik
--
------------------------------------------------------
[N] Erik de Castro Lopo, Senior Computer Engineer
[E] erik.de.castro.lopo@sensorynetworks.com
[W] http://www.sensorynetworks.com
[T] +61 2 83022726
[F] +61 2 94750316
[A] L4/140 William St, East Sydney NSW 2011, Australia
------------------------------------------------------
A good debugger is no substitute for a good test suite.
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
