[Oisf-users] knowing the details of a threat triggered by Suricata

Victor Julien lists at inliniac.net
Wed Aug 28 10:54:27 UTC 2013

On 08/28/2013 12:48 PM, mouna amani wrote:
> I have a lot of drops using this signature
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
> WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long
> OPTIONS URI Overflow Attmept"; flow:established,to_server;
> content:"OPTIONS|20|"; depth:8; nocase; isdataat:400,relative;
> content:!"|0A|"; within:400;
> reference:url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt;
> reference:cve,2010-0361;
> reference:url,doc.emergingthreats.net/2011016;
> classtype:web-application-attack; sid:2011016; rev:3;)
> I am a student and I want to explain exactly why this signature is
> triggered and explain this message in technical terms.
> thanks for helping me :)

Questions about Emerging Threats signatures can best be asked on the
Emerging Threats mailing list:

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
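
Added illustration, not part of the original thread and not Suricata's own code: a Python approximation of the payload keywords in the quoted rule (sid:2011016), run over constructed sample requests. The function names and samples are hypothetical; `flow`, the address/port variables and the exact `isdataat` boundary are not modelled.

```python
from typing import Optional

PATTERN = b"options "   # content:"OPTIONS|20|"; nocase;

def end_of_first_content(payload: bytes) -> Optional[int]:
    # depth:8 limits the search to the first 8 payload bytes; the pattern is
    # 8 bytes long, so it can only match at offset 0.
    if payload[:8].lower() == PATTERN:
        return len(PATTERN)
    return None

def payload_keywords_match(payload: bytes) -> bool:
    end = end_of_first_content(payload)
    if end is None:
        return False
    # isdataat:400,relative; data must still be present 400 bytes past the
    # end of the previous match (boundary simplified in this sketch).
    if len(payload) <= end + 400:
        return False
    # content:!"|0A|"; within:400; no line feed in the 400 bytes that follow
    # the match, i.e. the request line runs on for 400+ bytes.
    return b"\n" not in payload[end:end + 400]

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "short_options": b"OPTIONS * HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "long_headers": b"OPTIONS / HTTP/1.1\r\nX-Pad: " + b"a" * 500 + b"\r\n\r\n",
    "long_uri": b"OPTIONS /" + b"a" * 600 + b" HTTP/1.1\r\n\r\n",
    "lowercase_long_uri": b"options /" + b"a" * 600 + b" HTTP/1.1\r\n\r\n",
    "get_long_uri": b"GET /" + b"a" * 600 + b" HTTP/1.1\r\n\r\n",
}

def evaluate_samples() -> dict:
    return {name: payload_keywords_match(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:20} {'match' if hit else 'no match'}")
```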
