Snort mailing list archives
[SPAM] FN on community very old sid 1253 rev 21?
From: rmkml <rmkml () yahoo fr>
Date: Mon, 22 Apr 2013 23:10:42 +0200 (CEST)
Hi,

Can you check the flow side on this very old rule, because it causes an FN, please? (This rule is not enabled by default.)

alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET bsd exploit client finishing"; flow:to_client,established; dsize:>200; content:"|FF F6 FF F6 FF FB 08 FF F6|"; depth:50; offset:200; rawbytes; metadata:ruleset community, service telnet; reference:bugtraq,3064; reference:cve,2001-0554; reference:nessus,10709; classtype:successful-admin; sid:1253; rev:21;)

Regards
Rmkml
http://twitter.com/rmkml
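The flow question raised above can be checked mechanically. The following is an added example, not part of the original message and not Snort project code: a small lint that compares the direction implied by a rule header with the direction named in its flow option. It assumes, as a heuristic, that the side of the header with a specific port is the server; the names check_rule, header_direction and flow_direction are hypothetical.

```python
import re

# Header layout: action proto src_ip src_port direction dst_ip dst_port (options)
RULE_RE = re.compile(r"^\s*\w+\s+\w+\s+\S+\s+(\S+)\s+(->|<>)\s+\S+\s+(\S+)\s*\((.*)\)\s*$", re.S)

# In the flow option, from_server is a synonym of to_client and from_client of to_server.
FLOW_DIRECTIONS = {"to_client": "to_client", "from_server": "to_client",
                   "to_server": "to_server", "from_client": "to_server"}

def header_direction(src_port, arrow, dst_port):
    """Direction implied by the header, or None when it cannot be inferred."""
    # Assumption (heuristic): the side with a specific port is the server.
    if arrow != "->":
        return None  # bidirectional header matches both directions
    if src_port == "any" and dst_port != "any":
        return "to_server"
    if src_port != "any" and dst_port == "any":
        return "to_client"
    return None

def flow_direction(options):
    """Direction requested by the flow option, or None if the rule has none."""
    for opt in re.split(r"(?<!\\);", options):  # split on unescaped ';'
        name, _, value = opt.strip().partition(":")
        if name == "flow":
            for kw in value.split(","):
                if kw.strip() in FLOW_DIRECTIONS:
                    return FLOW_DIRECTIONS[kw.strip()]
    return None

def check_rule(rule):
    """Return a warning string if header and flow disagree, else None."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("not a single-line Snort rule")
    src_port, arrow, dst_port, options = m.groups()
    implied = header_direction(src_port, arrow, dst_port)
    requested = flow_direction(options)
    if implied and requested and implied != requested:
        return f"header implies {implied} but flow says {requested}"
    return None

# The rule quoted in the message above (sid 1253 rev 21), split only for line length.
SID_1253 = (
    'alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET bsd exploit client finishing"; '
    'flow:to_client,established; dsize:>200; content:"|FF F6 FF F6 FF FB 08 FF F6|"; depth:50; '
    'offset:200; rawbytes; metadata:ruleset community, service telnet; reference:bugtraq,3064; '
    'reference:cve,2001-0554; reference:nessus,10709; classtype:successful-admin; sid:1253; rev:21;)'
)

if __name__ == "__main__":
    print(check_rule(SID_1253))
```

A warning from this lint only marks a rule for manual review, since the port heuristic does not hold for every protocol.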
