w00t$port
but this should not be relied upon for detection purposes, also the shellcode should not be used for detection either.Fortunately, Snort has detection dating back over 5 years for this issue.
The following Snort rules will catch this attack:
2374 - FTP NLST overflow attempt
3441 - FTP PORT bounce attempt
1973 - FTP MKD overflow attempt
1529 - FTP SITE overflow attempt
Also, the FTP/Telnet preprocessor will also generate events for this attack:
125:3:1 - FTP Parameter Length Overflow
125:6:1 - FTP Response Length Overflow
125:8:1 - FTP Bounce
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.