Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] SHELLCODE x86 NOOP (NOP Sled) Sid: 648

from [David Schedler] Network Security [Permanent Link]
Subject: [Snort-sigs] SHELLCODE x86 NOOP (NOP Sled) Sid: 648
Date: Mon, 8 Jan 2007 11:38:39 -0600 
Rule:  SHELLCODE x86 NOOP (NOP Sled)
 
--
Sid: 648
 
--
Summary: When I use MS Enterprise Manager from inside my network to
connect to a remote DB outside of my network (via internet) SNORT
attempts to block the remote DB's IP address.
 
--
Impact: Other web services, servers, and programs attempting to access
the DB at the same IP address are blocked from accessing the DB.
 
--
Detailed Information: We used Snort all weekend, with IIS servers having
no problem accessing a remote DB.  When I arrived at work at 7:30 AM and
started Enterprise Manager the IP address to the DB was blocked.
 
--
Affected Systems:
 
--
Attack Scenarios:
 
--
Ease of Attack:
 
--
False Positives:  Using Enterprise Manager creates NOPs
 
--
False Negatives:
 
--
Corrective Action: Added the DB's IP address to white list.  The DB is
the only resource at that IP address.
 
--
Contributors:
 
-- 
Additional References:

 

 

David Schedler

Trinity Real Estate Solutions, Inc.

972-865-0215

972-865-0219 (fax)

www.TrinityInspection.com

 

Privileged or confidential information may be contained in this message.
If you have received it in error, you may not forward, copy or deliver
this message to anyone or disclose its contents to any other person.  If
you are not the intended recipient, please destroy this message and
kindly notify the sender by reply email. Thank you for your cooperation

 


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] SHELLCODE x86 NOOP (NOP Sled) Sid: 648, David Schedler <=
Previous by Date:  [Snort-sigs] documentation for sids 1:10065 -> 1:10077 (Storm Trojan, Trojan.Peacom), David Morris
Next by Date:  Re: [Snort-sigs] Flowbit dependancy issue, Matthew Watchinski
Previous by Thread:  [Snort-sigs] documentation for sids 1:10065 -> 1:10077 (Storm Trojan, Trojan.Peacom), David Morris
Next by Thread:  [Snort-sigs] SID: 8477, definitely a "false positive", Paul Schmehl
Indexes:  [Date] [Thread] [Top] [All Lists]