[Oisf-users] this rule appears to make suri crash

Russell Fulton r.fulton at auckland.ac.nz
Mon Aug 19 04:30:16 UTC 2013

alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"CUSTOM MS Terminal Server User A Login, possible Morto inbound"; flow:to_server,established; content:"|03 00 00|"; offset:0; depth:3; content:"|e0 00 00 \
00 00 00|"; offset:5; depth:6; content:"Cookie|3a|mstshash=a|0d 0a|"; nocase; reference:cve,CAN-2001-0540;classtype:protocol-command-decode; )

When I include this rule I get a general protection fault.


More information about the Oisf-users mailing list