Snort mailing list archives
Re: DOS MSDTC attempt false positive
From: Matt Kettler <mkettler () evi-inc com>
Date: Sat, 11 May 2002 11:55:57 -0400
Actualy I just checked with bugtraq, this exploit takes at least 1024 bytes of data to cause the crash so the "0 bytes" idea bill had is a red herring. The rule is valid as it stands with dsize >1023.
http://online.securityfocus.com/bid/4006/discussion/ _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)
- Re: DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Roberto Suarez Soto (May 09)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 10)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)