Re: Suggested Sig for Cisco DOS Vulnerability

[Brian <bmc () snort org>]

FYI, we've released "official" sigs for the cisco DOS.  I've been
informed that Sourceforge's anoncvs server is 24 hours behind the
cvs server we (the developers) commit to.

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 53 (SWIPE)"; ip_proto:53; reference:bugtraq,8211; 
reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2186; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 55 (IP Mobility)"; ip_proto:55; reference:bugtraq,8211; 
reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2187; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 77 (Sun ND)"; ip_proto:77; reference:bugtraq,8211; 
reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2188; rev:1;)
alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 103 (PIM)"; ip_proto:103; reference:bugtraq,8211; 
reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2189; rev:1;)

-brian


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users