[Oisf-devel] FN on suricata 103/11beta2 - ftp format string

rmkml rmkml at free.fr
Sat Apr 16 23:38:17 UTC 2011


Hi,
First, Great Congratulations for new Suricata 1.0.3/1.1beta2 release!

Second, I have a small problem with the attached pcap file.

OK, the first sig is working:
  alert tcp any any -> any 21 (msg:"FTP format string in ftp cmd attempt"; flow:to_server,established;
  content:"%"; depth:4; offset:0; classtype:misc-activity; sid:945011; rev:1;)

OK, the second sig is NOT working (but works with Snort):
  alert tcp any any -> any 21 (msg:"FTP format string in ftp cmd attempt"; flow:to_server,established;
  content:"%"; depth:4; offset:0; content:"%"; within:2; distance:1; classtype:misc-activity; sid:945012; rev:1;)

stream:
  checksum_validation: no # yes gives the same problem for me

Thank you again for your time checking my test.
If you confirm, I'll open a new ticket on the Suricata Redmine.

Regards
Rmkml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exploit_ftp_formatstringmetasploit_suricataFN.pcap
Type: application/cap
Size: 1671 bytes
Desc: 
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20110417/74c29c21/attachment.bin>
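The two signatures above differ only in the second content match with its `distance`/`within` modifiers, so the question is what payload the stricter rule should fire on. The following added example (not from the post or from the Suricata project) is a small evaluator for the `offset`/`depth`/`distance`/`within` content modifiers, applied to constructed FTP command payloads. It assumes the Snort-style semantics that a relative match is searched in a window starting `distance` bytes after the previous match and `within` bytes long; plain text `content` only, no `|xx|` hex escapes.

```python
import re

# Signatures quoted from the post (rule header plus options in parentheses).
SIG1 = ('alert tcp any any -> any 21 (msg:"FTP format string in ftp cmd attempt"; '
        'flow:to_server,established; content:"%"; depth:4; offset:0; '
        'classtype:misc-activity; sid:945011; rev:1;)')
SIG2 = ('alert tcp any any -> any 21 (msg:"FTP format string in ftp cmd attempt"; '
        'flow:to_server,established; content:"%"; depth:4; offset:0; '
        'content:"%"; within:2; distance:1; classtype:misc-activity; sid:945012; rev:1;)')

# One rule option: key, optional ':' value (quoted or bare), terminated by ';'.
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')


def parse_contents(rule):
    """Return the rule's content matches in order, each with its own modifiers.

    Modifiers (offset/depth/distance/within) attach to the most recent content,
    which is how Snort/Suricata scope them. Hex escapes (|xx|) are not handled:
    this is an illustrative parser, not the engines' own.
    """
    opts = rule[rule.index("(") + 1:rule.rindex(")")]
    contents = []
    for key, val in OPT_RE.findall(opts):
        if key == "content":
            contents.append({"pattern": val.strip('"').encode(),
                             "offset": 0, "depth": None,
                             "distance": None, "within": None})
        elif key in ("offset", "depth", "distance", "within"):
            contents[-1][key] = int(val)
    return contents


def match_contents(payload, contents):
    """Evaluate the content chain against one application-layer payload.

    Absolute match: search payload[offset : offset+depth].
    Relative match (assumed semantics): search the window that starts
    `distance` bytes after the end of the previous match and is `within`
    bytes long. bytes.find(sub, start, end) requires the whole pattern to
    lie inside [start, end), which is exactly the 'match must end within
    the window' condition.
    """
    prev_end = None
    for c in contents:
        if c["distance"] is None and c["within"] is None:
            start = c["offset"]
            end = len(payload) if c["depth"] is None else start + c["depth"]
        else:
            start = (prev_end or 0) + (c["distance"] or 0)
            end = len(payload) if c["within"] is None else start + c["within"]
        idx = payload.find(c["pattern"], start, end)
        if idx == -1:
            return False
        prev_end = idx + len(c["pattern"])
    return True


def evaluate(rule, payload):
    """True if every content match of `rule` is satisfied by `payload`."""
    return match_contents(payload, parse_contents(rule))


# Constructed client-to-server FTP payloads (not taken from the attached pcap).
PAYLOADS = {
    "format string as command": b"%n%n%n%n\r\n",   # '%' at 0, '%' again at 2
    "single conversion":        b"%s\r\n",         # only one '%' in range
    "normal login":             b"USER anon\r\n",  # no '%' in the first 4 bytes
    "late percent":             b"PASS %\r\n",     # '%' beyond depth:4
}

if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name:28s} sid:945011={evaluate(SIG1, payload)!s:5s} "
              f"sid:945012={evaluate(SIG2, payload)}")
```

On the constructed payloads the first rule fires on anything with a `%` in the first four bytes, while the second only fires when a further `%` starts one to two bytes after the first one, which is the shape of a repeated `%n`/`%x` conversion string. A pcap on which Snort fires sid:945012 but Suricata does not, as reported above, therefore points at the engine's handling of `distance`/`within` after a `depth`/`offset` match rather than at the rule itself.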
