
[Snort-users] ET SHELLCODE Possible Call with No Offset UDP Shellcode


Colony.Three

Dec 8, 2014, 10:42:19 AM
Turns out that this is quite a mean little nasty:
https://community.emc.com/community/connect/rsaxchange/netwitness/blog/2012/08/22/network-detection-...


-------- Original Message --------
Subject: ET SHELLCODE Possible Call with No Offset UDP Shellcode
Time (GMT): Dec 07 2014 22:41:31
From: Colony...@protonmail.ch
To: snort...@lists.sourceforge.net

I picked up this interesting High Severity alert last night (sid 2012087), coming in to my TOR Gateway.  I searched and searched but there doesn't seem to be a reference for these alerts.  rootedyour has never heard of it, and EMC has taken down networkforensics altogether.

alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SHELLCODE Possible Call with No Offset UDP Shellcode"; content:"|E8 00 00 00 00 58|"; fast_pattern:only; reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/; classtype:shellcode-detect; sid:2012087; rev:1;)

Is there any way to investigate this further?
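What the six bytes in that rule actually are, as an added example that is not part of the original post or of the Emerging Threats ruleset: E8 is the x86 CALL rel32 opcode, the four zero bytes are a relative offset of 0 (so the call lands on the very next instruction, after pushing that instruction's address as the return value), and 58 is POP EAX, which pulls that pushed address into EAX. The pair is the classic "GetPC" stub that position-independent shellcode uses to learn where it is in memory before decoding or patching itself. The script below reproduces the rule's exact content check, then generalises it to any POP r32 (58..5F) so you can see which variants the rule would miss, and works out what value the POP leaves in the register for a chosen load address. All payloads are constructed inline for the demonstration; the load address is an arbitrary assumption.

```python
import struct
from typing import List, Tuple

# x86 opcodes involved: E8 = CALL rel32; 58..5F = POP r32 in register-number order.
CALL_REL32 = 0xE8
POP_REGS = {0x58: "eax", 0x59: "ecx", 0x5A: "edx", 0x5B: "ebx",
            0x5C: "esp", 0x5D: "ebp", 0x5E: "esi", 0x5F: "edi"}

# The literal content from the Snort rule: |E8 00 00 00 00 58|
RULE_CONTENT = b"\xe8\x00\x00\x00\x00\x58"


def rule_2012087_matches(payload: bytes) -> bool:
    """Exactly what sid 2012087 tests: the six-byte sequence anywhere in the UDP payload."""
    return RULE_CONTENT in payload


def find_getpc_stubs(payload: bytes) -> List[Tuple[int, str]]:
    """Generalised scan: CALL rel32 with rel32 == 0 followed by any POP r32.

    Returns (offset_of_call, register) for each hit. This catches variants such
    as E8 00 00 00 00 5B (pop ebx) that the rule's fixed content does not.
    """
    hits = []
    for i in range(len(payload) - 5):          # need 5 bytes of CALL plus 1 byte of POP
        if payload[i] != CALL_REL32:
            continue
        rel32 = struct.unpack_from("<i", payload, i + 1)[0]
        # CALL target = address of the next instruction + rel32, so rel32 == 0
        # means "call the next byte"; the only effect is to push that byte's address.
        if rel32 != 0:
            continue
        nxt = payload[i + 5]
        if nxt in POP_REGS:
            hits.append((i, POP_REGS[nxt]))
    return hits


def recovered_pc(call_offset: int, load_addr: int) -> int:
    """Value the POP leaves in the register: the return address pushed by CALL,
    i.e. the address of the instruction immediately after the 5-byte CALL."""
    return load_addr + call_offset + 5


# Constructed sample payloads (not real captures):
# 1. NOP sled, the exact stub from the rule, then "xor ecx,ecx; mov cl,0x20" as a
#    stand-in for the decoder loop setup that normally follows a GetPC stub.
SAMPLE_SHELLCODE = b"\x90" * 8 + RULE_CONTENT + b"\x31\xc9\xb1\x20"
# 2. Same idea but popping into EBX: a GetPC stub the rule's content does not match.
SAMPLE_VARIANT = b"\x90" * 8 + b"\xe8\x00\x00\x00\x00\x5b" + b"\x31\xc9"
# 3. CALL with a non-zero offset (+0x10) followed by POP: an ordinary relative call,
#    not a GetPC idiom, so neither check fires.
SAMPLE_ORDINARY_CALL = b"\xe8\x10\x00\x00\x00\x58" + b"hello"
# 4. Plain text, as most UDP payloads will be.
SAMPLE_TEXT = b"GET /index.html HTTP/1.0\r\n\r\n"

# Assumed load address for the worked PC recovery; any value works, this one is arbitrary.
ASSUMED_LOAD_ADDR = 0x08048000


if __name__ == "__main__":
    for name, p in [("shellcode", SAMPLE_SHELLCODE), ("variant", SAMPLE_VARIANT),
                    ("ordinary call", SAMPLE_ORDINARY_CALL), ("text", SAMPLE_TEXT)]:
        print(f"{name:14s} rule match={rule_2012087_matches(p)!s:5s} "
              f"getpc stubs={find_getpc_stubs(p)}")
    for off, reg in find_getpc_stubs(SAMPLE_SHELLCODE):
        print(f"after the stub at offset {off}, {reg} = {recovered_pc(off, ASSUMED_LOAD_ADDR):#x}")
```

A hit from either check only says the GetPC idiom is present in the datagram; it does not by itself prove an exploit, and because the rule is a bare `fast_pattern:only` content match on any UDP port, a sufficiently large volume of binary UDP traffic can contain those six bytes by chance. The practical next step is to pull the full packet from the pcap (or enable packet logging for that sid), carve out the bytes around the match and disassemble them: a genuine stub is almost always followed within a few bytes by arithmetic on the popped register and a decoder loop, whereas a chance hit in a media or file-transfer stream disassembles to nonsense.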


