Network Security: Detailed info on Re: [Snort-users] snort rule

Subject:	Re: [Snort-users] snort rule
Date:	Wed, 29 Aug 2007 13:43:50 -0400


I would like to know where the homework is from, this looks like a decent 
question. I did not see such material when Snort was referenced in any of my 
classes. Most of the class could not setup Snort on winblows. Shirkdog 
' or 1=1-- 
http://www.shirkdog.us> Date: Wed, 29 Aug 2007 08:47:06 -0400> From: 
nigel@sourcefire.com> To: Snort-users@lists.sourceforge.net> Subject: Re: 
[Snort-users] snort rule> > On 8/29/07 4:42 AM, "lokesh sharma" 
<lokeshpunjabi_1984@yahoo.com.au> wrote:> > > can you help me> > > > to write 
rules regarding DHCP> > > > The rule is> > > > "detect all attempts to exploit 
this vulnerability. In particular, it should> > detect attempts by any computer 
making DHCP requests where hte Hlen field has> > an invalid value, and where 
the following byte-code sequence is found anywhere> > in the Sname or File 
fields. The byte-code sequence should not be matched in> > any other field of 
the request. The byte-code sequence (in hexadecimal) is:> > > > 01 48 23 87 AB 
1F FA 2C 9A 00 00 00 00 21 FF FF> > > > on detecction of such attack attempts, 
your rule should generate an alert with> > the message:> > > > "DHCP Service 
invalid input HLen attack detected".> > > > thanx> > This looks like a question 
taken straight from an education course of some> kind. This is not the place to 
have other people do your homework for you.> > -- > Nigel Houghton> Office 
Linebacker> SF VRT> > > 
-------------------------------------------------------------------------> This 
SF.net email is sponsored by: Splunk Inc.> Still grepping through log files to 
find problems?  Stop.> Now Search log events and configuration files using AJAX 
and a browser.> Download your FREE copy of Splunk now >>  
http://get.splunk.com/> _______________________________________________> 
Snort-users mailing list> Snort-users@lists.sourceforge.net> Go to this URL to 
change user options or unsubscribe:> 
https://lists.sourceforge.net/lists/listinfo/snort-users> Snort-users list 
archive:> http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________
See what you’re getting into…before you go there
http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] snort rule, lokesh sharma Re: [Snort-users] snort rule, rmkml Re: [Snort-users] snort rule, Joel Esler Re: [Snort-users] snort rule, Paul Schmehl Re: [Snort-users] snort rule, Joel Esler Re: [Snort-users] snort rule, Milo Velimirovic Re: [Snort-users] snort rule, Nigel Houghton Re: [Snort-users] snort rule, pearl carlo Re: [Snort-users] snort rule, M. Shirk <=

Previous by Date:	[Snort-users] http_inspect Tuning, Eric
Next by Date:	[Snort-users] Snort 2.8 Beta Now Available, Snort Releases
Previous by Thread:	Re: [Snort-users] snort rule, pearl carlo
Next by Thread:	[Snort-users] Snort.org Registration has been fixed, Mike Guiterman
Indexes:	[Date] [Thread] [Top] [All Lists]