Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow atte

from [Jason] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt: sid 2383
Date: Tue, 19 Oct 2004 00:23:12 -0400
If you could also provide header information and the rule revision it would be more helpful.

Russell Fulton wrote:

I am seeing many (over a thousand a day) of these on our internal
network on sessions between well managed machines that I would expect to
be communicating on port 455.   A quick look at the data portion does
not appear malicious (no padding or other evidence of overflow attempt).

DATA (Ascii below)

0000015EFF534D427300

0000001807C800000000

00000000000000000000

FFFE000820000CFF005E 


[...]



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] reporting false positives..., Jason
Next by Date:  Re: [Snort-sigs] Colin Slevin/TRANSWARE/IE is out of the office., Matt Kettler
Previous by Thread:  [Snort-sigs] FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt: sid 2383, Russell Fulton
Next by Thread:  [Snort-sigs] FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt: sid 2383 -- the real one, Russell Fulton
Indexes:  [Date] [Thread] [Top] [All Lists]