[Oisf-users] knowing the details of a threat triggered by Suricata
Victor Julien
lists at inliniac.net
Wed Aug 28 10:54:27 UTC 2013
On 08/28/2013 12:48 PM, mouna amani wrote:
> I have a lot of drops using this signature
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
> WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long
> OPTIONS URI Overflow Attmept"; flow:established,to_server;
> content:"OPTIONS|20|"; depth:8; nocase; isdataat:400,relative;
> content:!"|0A|"; within:400;
> reference:url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt;
> reference:cve,2010-0361;
> reference:url,doc.emergingthreats.net/2011016;
> classtype:web-application-attack; sid:2011016; rev:3;)
>
>
> I am a student and I want to explain exactly why this signature is
> triggered, and explain this message in technical words.
> Thanks for helping me :)
>
Questions about Emerging Threats signatures can best be asked on the
Emerging Threats mailing list:
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
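
The payload keywords of the quoted signature (sid 2011016), walked through as an added example that is not part of the original thread and is not Suricata or Emerging Threats code. The function name `explain_match`, the sample payloads and the exact byte boundary used for `isdataat` are assumptions of this sketch; flow state and the address/port variables are not modelled.

```python
from __future__ import annotations

# Added illustration: approximates the payload keywords of sid 2011016 on raw
# to_server bytes. flow:established and the $EXTERNAL_NET / $HTTP_SERVERS /
# $HTTP_PORTS checks are out of scope here.

METHOD = b"OPTIONS "   # content:"OPTIONS|20|"
DEPTH = 8              # depth:8
WINDOW = 400           # isdataat:400,relative and within:400


def explain_match(payload: bytes) -> tuple[bool, str]:
    """Return (would_alert, reason) for one client-to-server payload."""
    # content + depth:8 + nocase: the 8-byte pattern must lie entirely inside
    # the first 8 payload bytes, so it has to start at offset 0.
    if payload[:DEPTH].upper() != METHOD:
        return False, "payload does not start with 'OPTIONS '"
    end = len(METHOD)  # relative keywords count from the end of this match

    # isdataat:400,relative: at least 400 more bytes must follow the match
    # (boundary handling is an assumption of this sketch).
    if end + WINDOW > len(payload):
        return False, "fewer than 400 bytes follow the method"

    # content:!"|0A|"; within:400: no line feed in those 400 bytes, i.e. the
    # request line has not ended yet.
    lf = payload.find(b"\x0a", end, end + WINDOW)
    if lf != -1:
        return False, f"line feed at offset {lf} ends the request line"
    return True, "OPTIONS request line runs past 400 bytes without a line feed"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "ordinary OPTIONS": b"OPTIONS * HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "OPTIONS with long headers": b"OPTIONS / HTTP/1.1\r\nHost: www.example.com\r\n"
    + b"X-Pad: " + b"a" * 500 + b"\r\n\r\n",
    "long OPTIONS URI": b"options /" + b"a" * 500 + b" HTTP/1.1\r\n\r\n",
    "long GET URI": b"GET /" + b"a" * 500 + b" HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        alert, reason = explain_match(data)
        print(f"{name:27} alert={alert}  {reason}")
```

Only the third sample satisfies all three keywords; a legitimate OPTIONS request ends its request line with a line feed well inside the 400-byte window, so frequent hits are worth checking against what the client actually sent.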