Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] FPs for SMTP SSLv3 openssl get shared ciphers overflow

from [Matthew Watchinski] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] FPs for SMTP SSLv3 openssl get shared ciphers overflow attempt 8435
Date: Thu, 02 Aug 2007 10:49:30 -0400 
Anyway to get a full session pcap of this one?

Thanks
-matt

Russell Fulton wrote:

I am also seeing quite a few of these:

META  
SID   CID     TimeStamp       Signature       Sig ID
6     6590548         2007-07-04 14:29:58     SMTP SSLv3 openssl get shared 
ciphers overflow 
attempt       8435 <http://www.snort.org/snort-db/sid.html?sid=8435>

Sensor Hostname       Sensor Interface
monitor-dmzo.isec.auckland.ac.nz      dmz sensor

IP    
Source Address        Dest Address    Ver     Hdr Len         TOS     length  
ID      flags   offset 
TTL   chksum
210.48.74.103         130.216.190.11  4       5       0       140     20075   
2       0       116     23173

Resolved Source       Resolved Dest
ip-210-48-74-103.iconz.net.nz         groucho.itss.auckland.ac.nz

TCP   
Source Port   Dest Port       Seq     Ack     Offset  Reserved        Flags   
Window  Checksum 
Urgent Ptr
3427  25      1047465774      205133145       5       0       24      65329   
32366   0

Options
None

Flags

RB 1  RB 0    URG     ACK     PSH     RST     SYN     FIN

      
      
      X       X       
      
      

DATA  

160300005F0100005B03

00468B0627688323A11D

AC9301BE123C8ED1D859

2D2A4059CEA85BFF2F53

73A54800003400390038

003500160013000A0033

0032002F006600050004

00630062006100150012

00090065006400600014

00110008000600030100


            

      

...._...[.

.F..'h.#..

.....<...Y

-*@Y..[./S

s.H..4.9.8

.5.......3

.2./.f....

.c.b.a....

...e.d.`..

..........


            

--------------------------------------------------------------------------------



------------------------------------------------------------------------

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/


------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Snort-sigs] FPs for SMTP SSLv3 openssl get shared ciphers overflow attempt 8435, Matthew Watchinski <=
Previous by Date:  Re: [Snort-sigs] False possitives on "MYSQL client authentication bypass attempt", Matthew Watchinski
Next by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Previous by Thread:  [Snort-sigs] False possitives on "MYSQL client authentication bypass attempt", Christiaan Ehlers
Next by Thread:  [Snort-sigs] EXPLOIT ssh CRC32 overflow filler (1:1325), Paul Schmehl
Indexes:  [Date] [Thread] [Top] [All Lists]