Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] False Positive

from [ANDREW J WOOD] Network Security [Permanent Link]
Subject: [Snort-sigs] False Positive
Date: Wed, 03 May 2006 17:58:13 -0400 


Rule: SNMP Missing Community String

--
Sid: 1893

--
Summary: Data appears to have the Public Community String Set

--
Impact: None

--
Detailed Information:


ID #TimeTriggered Signature
1 - 189362006-05-03 17:52:46[cve] [icat] [bugtraq] [local] [snort] SNMP
missing community string attempt

SensorNameInterfaceFilter
sdcsecwatch01eth0 none 

Alert Group  none 

IP 
Source Address Dest. Address VerHdr LenTOSlengthIDflagsoffsetTTLchksum
163.230.3.42163.230.120.13342007522394001278364

Options    none 

UDP
source portdest portlength
4652
[sans] [portsdb] [tantalo] [sstats] 161
[sans] [portsdb] [tantalo] [sstats] 55

Payload

Plain Display
Download of Payload
length = 47 000 : 30 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 20 02
0-.....public. . 010 : 04 00 EB D1 75 02 01 00 02 01 00 30 12 30 10 06
....u......0.0.. 020 : 0C 2B 06 01 02 01 2B 10 05 01 02 01 02 05 00
.+....+........


--
Affected Systems: Win2k SP4

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives: 

--
False Negatives:

--
Corrective Action:

--
Contributors: ajwood@sentara.com

-- 
Additional References:
If you need more info I'll be glad to help.
 
Thanks,
Andy
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] False Positive, ANDREW J WOOD <=
Previous by Date:  [Snort-sigs] False positive for sid 1478, Brock, Anthony - NET
Next by Date:  [Snort-sigs] Bug report - Telnet negotiation based FTP signature evasion, pratap
Previous by Thread:  [Snort-sigs] False positive for sid 1478, Brock, Anthony - NET
Next by Thread:  [Snort-sigs] Bug report - Telnet negotiation based FTP signature evasion, pratap
Indexes:  [Date] [Thread] [Top] [All Lists]