Snort mailing list archives

Re: snort rule


From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Wed, 29 Aug 2007 13:43:50 -0400


I would like to know where the homework is from, this looks like a decent question. I did not see such material when Snort was referenced in any of my classes. Most of the class could not set up Snort on winblows.

Shirkdog
' or 1=1--
http://www.shirkdog.us

> Date: Wed, 29 Aug 2007 08:47:06 -0400
> From: nigel () sourcefire com
> To: Snort-users () lists sourceforge net
> Subject: Re: [Snort-users] snort rule
>
> On 8/29/07 4:42 AM, "lokesh sharma" <lokeshpunjabi_1984 () yahoo com au> wrote:
>
> > can you help me
> >
> > to write rules regarding DHCP
> >
> > The rule is
> >
> > "detect all attempts to exploit this vulnerability. In particular, it should
> > detect attempts by any computer making DHCP requests where the Hlen field has
> > an invalid value, and where the following byte-code sequence is found anywhere
> > in the Sname or File fields. The byte-code sequence should not be matched in
> > any other field of the request. The byte-code sequence (in hexadecimal) is:
> >
> > 01 48 23 87 AB 1F FA 2C 9A 00 00 00 00 21 FF FF
> >
> > on detection of such attack attempts, your rule should generate an alert with
> > the message:
> >
> > "DHCP Service invalid input HLen attack detected".
> >
> > thanx
>
> This looks like a question taken straight from an education course of some
> kind. This is not the place to have other people do your homework for you.
>
> --
> Nigel Houghton
> Office Linebacker
> SF VRT
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
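The detection logic the quoted question asks for, sketched in Python as an added example (not code from anyone in this thread, and not a Snort rule). It uses the fixed BOOTP header layout from RFC 2131; the function names are hypothetical, and the definition of an "invalid" Hlen is an assumption, since the question does not define it.

```python
import struct

# Byte sequence and alert text quoted in the question on this page.
PATTERN = bytes.fromhex("01 48 23 87 AB 1F FA 2C 9A 00 00 00 00 21 FF FF")
ALERT_MSG = "DHCP Service invalid input HLen attack detected"

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST = 1
CHADDR_LEN = 16
# Assumption: hlen is "invalid" when it exceeds the chaddr field, or when it
# disagrees with the hardware type (Ethernet, htype 1, uses 6-byte addresses).
EXPECTED_HLEN = {1: 6}


def hlen_invalid(htype: int, hlen: int) -> bool:
    if hlen > CHADDR_LEN:
        return True
    expected = EXPECTED_HLEN.get(htype)
    return expected is not None and hlen != expected


def inspect(payload: bytes):
    """Return the alert message for a UDP payload sent to port 67, else None."""
    if len(payload) < BOOTP_HDR.size:
        return None  # truncated: sname/file are not fully present
    fields = BOOTP_HDR.unpack_from(payload)
    op, htype, hlen = fields[0], fields[1], fields[2]
    sname, bootfile = fields[12], fields[13]
    if op != BOOTREQUEST or not hlen_invalid(htype, hlen):
        return None
    # Search only the two named fields, each on its own, so a hit in chaddr,
    # the options area or any other part of the request does not alert.
    if PATTERN in sname or PATTERN in bootfile:
        return ALERT_MSG
    return None


def build_request(hlen=6, sname=b"", bootfile=b"", chaddr=b"\xaa" * 6, options=b""):
    """Constructed sample request for exercising inspect(); not captured traffic."""
    zero = bytes(4)
    return BOOTP_HDR.pack(BOOTREQUEST, 1, hlen, 0, 0x1234, 0, 0, zero, zero,
                          zero, zero, chaddr, sname, bootfile) + options
```

Both conditions must hold for an alert: the sequence in `sname` with a valid Hlen, or an invalid Hlen with the sequence only in `chaddr` or the options, returns `None`.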
