Thanks for all the reference suggestions, and sorry for the delay in
replying (been otherwise occupied).
I will take a look at everything you have submitted and take some action
on each. I will endeavor to reply for each of your submissions
individually (unless I can pull them all into one place in which case I
may reply en-masse).
Please, keep the suggestions coming, I'm sure everyone on the list
appreciates your efforts.
Thanks again.
On 0, rmkml <rmkml@...> allegedly wrote:
> Hi,
>
> sid 1911 is :
> rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind
> UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"; content:"|00 01
> 87 88|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4;
> distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align;
> byte_jump:4,124,relative,align; byte_jump:4,20,relative,align;
> byte_test:4,>,512,4,relative; content:"|00 00 00 00|"; depth:4; offset:4;
> reference:bugtraq,0866; reference:bugtraq,866; reference:cve,1999-0977;
> classtype:attempted-admin; sid:1911; rev:10;)
>
> remove bid 0866 because already bid 866 on sid 1911 ?
>
> regards
> Rmkml
+--------------------------------------------------------------------+
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team
I require a window seat and an inflight Happy Meal, and no pickles!
God help you if I find pickles!
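
Added example, not part of the original messages and not Sourcefire tooling: a small check that finds references in a rule that differ only in spelling, such as `bugtraq,0866` and `bugtraq,866` in sid 1911 quoted above. It assumes that purely numeric reference ids with leading zeros denote the same entry; the function names are hypothetical.

```python
import re
from collections import defaultdict

# sid 1911 as quoted in the message above, joined onto one line.
RULE_1911 = (
    'alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind UDP '
    'NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"; '
    'content:"|00 01 87 88|"; depth:4; offset:12; content:"|00 00 00 01|"; '
    'within:4; distance:4; byte_jump:4,4,relative,align; '
    'byte_jump:4,4,relative,align; byte_jump:4,124,relative,align; '
    'byte_jump:4,20,relative,align; byte_test:4,>,512,4,relative; '
    'content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,0866; '
    'reference:bugtraq,866; reference:cve,1999-0977; '
    'classtype:attempted-admin; sid:1911; rev:10;)'
)

REFERENCE = re.compile(r'\breference\s*:\s*([^,;\s]+)\s*,\s*([^;]+?)\s*;')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def normalize(system, ref_id):
    """Key under which two references count as the same (assumption, see lead-in)."""
    # Purely numeric ids compare as integers, so 0866 == 866; others stay verbatim.
    if ref_id.isdigit():
        ref_id = str(int(ref_id))
    return system.lower(), ref_id

def duplicate_references(rule):
    """Return (sid, {normalized_ref: [spellings as written]}) for repeated refs."""
    # Blank out quoted strings so "reference:" inside msg/content is never matched.
    body = QUOTED.sub('""', rule)
    sid_match = SID.search(body)
    sid = int(sid_match.group(1)) if sid_match else None
    seen = defaultdict(list)
    for system, ref_id in REFERENCE.findall(body):
        seen[normalize(system, ref_id)].append(f"{system},{ref_id}")
    return sid, {key: spellings for key, spellings in seen.items() if len(spellings) > 1}

if __name__ == "__main__":
    sid, dups = duplicate_references(RULE_1911)
    for (system, ref_id), spellings in dups.items():
        print(f"sid {sid}: {system},{ref_id} listed as {spellings}")
```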