Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] EXPLOIT SSLv2 Client_Hello with pad Challenge Length overfl

from [Russell Fulton] Network Security [Permanent Link]
Subject: [Snort-sigs] EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt: sid 2657
Date: Tue, 19 Oct 2004 14:19:24 +1300 
We are seeing lots of these alerts to various of our SSL servers on
campus. There are about 160 different sources (mostly local DSL or
dialup users -- i.e. exactly the users we would expect).

Sample packet data:

170300010219DD1421A4

1E22E15D960B352E5291

5E53096D07688EBFE701

3B81726BA5740E57C502

C66F9A3136430C19B427

9C052E25A3CB34412BBE

D89E269669768FC87281

E20DD5D2A287D55DE54D

E7FC45D8B83A7F1EE07F

F4A83F85F07D7F7B2035

2047FB3E9D6779AC57F8

C4F38948049A0C339822

707FC42F9C39A847ABBB

5FA6B9CC589487D789DD

DB0257A72A541F370E02

B0F14C78F3FE2C2D48C0

77C58FCAF18C36E56A7B

B6623ACE1C0F6FFDF24E

7F8A971AD92C68A9C6A7

535460D0EB84C414EFFF

F8668B9A5AF6629D5D06

57A70282DE3D8FD2FCA6

8C018F425625B6F1D494

06AF7B8EBBDBC77425F0

42979737558081C46F70

67957B3E9BA029A0DD3E



........!.

.".]..5.R.

^S.m.h....

;.rk.t.W..

.o.16C...'

...%..4A+.

..&.iv..r.

.......].M

..E..:....

..?..}.{ 5

 G.>.gy.W.

...H...3."

p../.9.G..

_...X.....

..W.*T.7..

..Lx..,-H.

w.....6.j{

.b:...o..N

.....,h...

ST`.......

.f..Z.b.].

W....=....

...BV%....

..{....t%.

B..7U...op

g.{>..)..>


-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt: sid 2657, Russell Fulton <=
Previous by Date:  Re: [Snort-sigs] reporting false positives..., Matt Jonkman
Next by Date:  Re: [Snort-sigs] Colin Slevin/TRANSWARE/IE is out of the office., Jeff Nathan
Previous by Thread:  [Snort-sigs] FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt: sid 2383 -- the real one, Russell Fulton
Next by Thread:  RE: [Snort-sigs] EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow a, M. Shirk
Indexes:  [Date] [Thread] [Top] [All Lists]