RE: Seeing Chuncked content

From: Golden_Eternity (bhodi_jabirat_private)
Date: Mon Jul 08 2002 - 09:26:14 PDT

Next message: Golden_Eternity: "RE: Apache Worm / ddos"

Previous message: Carey, Steve T ISD: "RE: ftp directory scan"
In reply to: james: "Seeing Chuncked content"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I got 43 from 3 sources from the 5th to the 7th, nothing before that. They
triggered on this rule:

alert tcp any any -> any 80 \
(msg: "Apache chunked encoding exploit, n/shh//bi (i.e. /bin/sh)"; \
flags: A+; content: "n/shh//bi";)

Server was patched and happy.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Golden_Eternity: "RE: Apache Worm / ddos"
Previous message: Carey, Steve T ISD: "RE: ftp directory scan"
In reply to: james: "Seeing Chuncked content"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 10:31:22 PDT