[Oisf-users] knowing the details of a threat triggered by Suricata

mouna amani amani.smiai.insat at gmail.com
Wed Aug 28 10:48:02 UTC 2013


I have a lot of drops using this signature

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long
OPTIONS URI Overflow Attmept"; flow:established,to_server;
content:"OPTIONS|20|"; depth:8; nocase; isdataat:400,relative;
content:!"|0A|"; within:400;
reference:url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt;
reference:cve,2010-0361;
reference:url,doc.emergingthreats.net/2011016;
classtype:web-application-attack; sid:2011016; rev:3;)


I am a student and I want to explain exactly why this signature is
triggered, and explain this message in technical terms.
Thanks for helping me :)

-- 

Amani smiai
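
Added example (not part of the original post, and not Suricata's own code): a simplified Python model of the three payload keywords in the signature above, reporting which condition each constructed sample payload satisfies. The flow, address and port conditions are assumed to be already met; the function names and sample payloads are hypothetical.

```python
# Simplified model of the payload checks in sid:2011016.
# Assumption: the packet is already client-to-server on an established TCP
# flow to $HTTP_SERVERS:$HTTP_PORTS (flow:established,to_server).

METHOD = b"OPTIONS "  # content:"OPTIONS|20|" (|20| is a space)
DEPTH = 8             # depth:8 -> pattern must sit in the first 8 bytes
WINDOW = 400          # isdataat:400,relative and within:400


def explain(payload):
    """Return [(keyword, satisfied)] in the order the rule lists them."""
    steps = []
    # nocase: compare case-insensitively; depth:8 limits the search area.
    idx = payload[:DEPTH].upper().find(METHOD)
    steps.append(('content:"OPTIONS|20|"; depth:8; nocase', idx != -1))
    if idx == -1:
        return steps
    end = idx + len(METHOD)  # "relative" means: counted from here
    # At least 400 more bytes must exist after the method and space.
    steps.append(("isdataat:400,relative", len(payload) >= end + WINDOW))
    # Negated content: no line feed (0x0A) in those next 400 bytes, i.e.
    # the request line is still running 400 bytes after "OPTIONS ".
    window = payload[end:end + WINDOW]
    steps.append(('content:!"|0A|"; within:400', b"\n" not in window))
    return steps


def rule_matches(payload):
    """The rule fires only when every keyword is satisfied."""
    return all(ok for _, ok in explain(payload))


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "short OPTIONS": b"OPTIONS * HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "OPTIONS, long headers": b"OPTIONS / HTTP/1.1\r\nX-Pad: " + b"a" * 450 + b"\r\n\r\n",
    "OPTIONS, long URI": b"OPTIONS /" + b"A" * 500 + b" HTTP/1.1\r\n\r\n",
    "lowercase method, long URI": b"options /" + b"A" * 500 + b" HTTP/1.1\r\n\r\n",
    "GET, long URI": b"GET /" + b"A" * 500 + b" HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", "ALERT" if rule_matches(data) else "no alert")
        for keyword, ok in explain(data):
            print("   ", "ok  " if ok else "FAIL", keyword)
```

The model shows that the signature looks only at the length of the first line of an OPTIONS request, so any OPTIONS request whose URI keeps the first 400 bytes after the method free of a line feed will satisfy it.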

