Network Security Snort-Signatures
Subject: [Snort-sigs] False +ves for SID 2657 :EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt
Date: Wed, 15 Dec 2004 11:05:07 +1300

Hi, I am seeing about 2500 of these a day between two 'trusted' systems:

META
--------
SID     CID     TimeStamp               Signature
7       203852  2004-12-14 11:03:32     EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt
Sig ID
2657

IP
--------
Source Address  Dest Address    Ver     Hdr Len
130.216.120.4   130.216.74.4    4       5
TOS     length  ID      flags   offset  TTL     chksum
0       313     18880   2       0       64      10310

Resolved Source
ctru.auckland.ac.nz

Resolved Dest
www.ctru.auckland.ac.nz 

TCP
--------
Source Port     Dest Port       Seq             Ack             
3828            443             295974195       4027509575
Offset  Reserved        Flags   Window  Checksum        Urgent Ptr
8       0               24      31856   50184           0

Options
--------
None


Flags
--------
RB 1    RB 0    URG     ACK     PSH     RST     SYN     FIN
                        X       X                               

DATA
--------
  • [Snort-sigs] False +ves for SID 2657 :EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt, Russell Fulton <=