[Oisf-users] this rule appears to make suri crash
Peter Manev
petermanev at gmail.com
Mon Aug 19 06:15:18 UTC 2013
On Mon, Aug 19, 2013 at 7:30 AM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"CUSTOM MS Terminal Server User A Login, possible Morto inbound"; flow:to_server,established; content:"|03 00 00|"; offset:0; depth:3; content:"|e0 00 00 \
> 00 00 00|"; offset:5; depth:6; content:"Cookie|3a|mstshash=a|0d 0a|"; nocase; reference:cve,CAN-2001-0540;classtype:protocol-command-decode; )
>
> When I include this rule I get a general protection fault.
>
> Russell
Which Suri version are you using?
(or is there anything special in the configuration?)
I just quickly tried 1.4.5 with the provided rule and could not reproduce it.
--
Regards,
Peter Manev