Thanks for all the reference suggestions, and sorry for the delay in
replying (been otherwise occupied).
I will take a look at everything you have submitted and take some action
on each. I will endeavor to reply for each of your submissions
individually (unless I can pull them all into one place in which case I
may reply en-masse).
Please, keep the suggesstions coming, I'm sure everyone on the list
appreciates your efforts.
Thanks again.
On 0, rmkml <rmkml@free.fr> allegedly wrote:
Hi,
sid 1911 is :
rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind
UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"; content:"|00 01
87 88|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4;
distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align;
byte_jump:4,124,relative,align; byte_jump:4,20,relative,align;
byte_test:4,>,512,4,relative; content:"|00 00 00 00|"; depth:4; offset:4;
reference:bugtraq,0866; reference:bugtraq,866; reference:cve,1999-0977;
classtype:attempted-admin; sid:1911; rev:10;)
remove bid 0866 because already bid 866 on sid 1911 ?
regards
Rmkml
+--------------------------------------------------------------------+
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team
I require a window seat and an inflight Happy Meal, and no pickles!
God help you if I find pickles!
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
