[Emerging-Sigs] Rule dupe, well msg anyway. Is that allowed?

Will Metcalf william.metcalf at gmail.com
Wed Dec 12 06:34:59 HAST 2012


Sure :) sid differs...

On Wed, Dec 12, 2012 at 10:33 AM, Paul Halliday <paul.halliday at gmail.com> wrote:
> alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE
> Possible Call with No Offset TCP Shellcode"; flow:established;
> content:"|E8 00 00 00 00 58|"; fast_pattern:only;
> reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/;
> classtype:shellcode-detect; sid:2012086; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE
> Possible Call with No Offset TCP Shellcode"; flow:established;
> content:"|E8 00 00 00 00 8F|"; fast_pattern:only;
> reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/;
> classtype:shellcode-detect; sid:2012088; rev:1;)
>
> --
> Paul Halliday
> http://www.pintumbler.org/
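
A ruleset lint for the situation discussed in this thread, as an added example that is not part of the original messages or of any Emerging Threats tooling: it parses the two quoted rules (unwrapped to one line each), checks that no sid is reused, and lists rules that share a msg together with their content patterns. The names `parse_rule`, `audit` and the option regex are assumptions made here, and the parser handles single-line rules only.

```python
import re
from collections import defaultdict

# The two rules quoted in the message above, unwrapped to one line each.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE Possible Call with No Offset TCP Shellcode"; flow:established; content:"|E8 00 00 00 00 58|"; fast_pattern:only; reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/; classtype:shellcode-detect; sid:2012086; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE Possible Call with No Offset TCP Shellcode"; flow:established; content:"|E8 00 00 00 00 8F|"; fast_pattern:only; reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/; classtype:shellcode-detect; sid:2012088; rev:1;)
'''

# keyword, optionally followed by ":value"; a quoted value may contain ';'
OPTION = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:[^"\\]|\\.)*"|[^;"])*))?;')

def parse_rule(line):
    """Return (header, [(keyword, value), ...]) for one single-line rule."""
    body = line[line.index("(") + 1 : line.rindex(")")]
    opts = [(k, v.strip()) for k, v in OPTION.findall(body)]
    return line[: line.index("(")].strip(), opts

def audit(text):
    """Return (sids used by more than one rule, {msg: [(sid, contents), ...]})
    where the dict holds only msgs shared by rules with different sids."""
    by_msg, by_sid = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out rules
        _, opts = parse_rule(line)
        fields = dict(opts)
        sid = int(fields["sid"])
        msg = fields["msg"].strip('"')
        # content may appear several times in one rule, so keep every match
        contents = tuple(v for k, v in opts if k == "content")
        by_msg[msg].append((sid, contents))
        by_sid[sid].append(msg)
    collisions = sorted(s for s, msgs in by_sid.items() if len(msgs) > 1)
    shared = {m: r for m, r in by_msg.items() if len({s for s, _ in r}) > 1}
    return collisions, shared

if __name__ == "__main__":
    collisions, shared = audit(RULES)
    print("sid collisions:", collisions or "none")
    for msg, rules in shared.items():
        print(f'msg shared by {len(rules)} rules: "{msg}"')
        for sid, contents in rules:
            print(f"  sid {sid}: content {', '.join(contents)}")
```
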

