Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-sigs] Signature Proposal

from [Esler, Joel - Contractor] Network Security [Permanent Link]
Subject: RE: [Snort-sigs] Signature Proposal
Date: Fri, 15 Oct 2004 15:18:10 -0400 
alert tcp $EXTERNAL_NET 0 -> $HOME_NET any (msg:"TCP Source Port of 0";)
alert udp $EXTERNAL_NET 0 -> $HOME_NET any (msg:"UDP Source Port of 0";)
 
That was easy.

-----Original Message-----
From: snort-sigs-admin@lists.sourceforge.net
[mailto:snort-sigs-admin@lists.sourceforge.net] On Behalf Of Holger
Heimann
Sent: Monday, October 04, 2004 12:47 PM
To: 'snort-sigs@lists.sourceforge.net'
Subject: [Snort-sigs] Signature Proposal



Hi Folks,

 

in addition to the signature 524 and 525 (tcp/udp destination port
zero), we'd like to see similar Signatures with a source port of zero.

 

I've seen that on other IDS and it's been discussed in forensic und
pentest forums also.

 

Thanks a lot,

Holger

 

--

it.sec GmbH & Co. KG      - Online Spam Filtering

Sedanstrasse 10/Geb. 17   - Worlds first Free Online Vulnerability
Check:

D-89077 Ulm                  <http://www.it-sec.de/freecheck.html>
http://www.it-sec.de/freecheck.html

Fon: +49 (0)731/20589-0   - Professional Vulnerability Scans

Fax: +49 (0)731/20589-29    www.perisec.com

holger.heimann@it-sec.de

       

www.it-sec.de             info@it-sec.de

--------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Colin Slevin/TRANSWARE/IE is out of the office., Colin . Slevin
Next by Date:  Re: [Snort-sigs] False Positive, Matt Kettler
Previous by Thread:  [Snort-sigs] Colin Slevin/TRANSWARE/IE is out of the office., Colin . Slevin
Next by Thread:  [Snort-sigs] Signature Proposal, Holger Heimann
Indexes:  [Date] [Thread] [Top] [All Lists]