[Oisf-users] "ETPRO EXPLOIT NetSupport Manager Client Buffer Overflow Relative"; sid:2801281; rev:5; )

Anoop Saldanha anoopsaldanha at gmail.com
Wed Oct 9 04:49:03 UTC 2013

On Wed, Oct 9, 2013 at 5:15 AM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> Hi
> Puzzled by this one.  Suri is triggering this sig on traffic *from* port 443 but the sig says "From server"?
> I am not seeing this on my snort sensor which is running the same ruleset — supposedly on the same traffic.

Can you share this pcap for the flow that triggers this?

What version of suricata are you using?

Anoop Saldanha
