Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:651 |
Message | SHELLCODE x86 stealth NOOP |
Summary | Binary data in the packet matched one kind of byte sequence used as filler in buffer overflow attacks. |
Impact | It is possible someone was attempting a buffer overflow to gain unauthorized access to one of your servers. |
Detailed Information | This rule triggers when the packet contents contain a binary pattern that matches one form of filler bytes used in buffer overflow attacks. Buffer overflows allow execution of arbitrary code with the privilege level of the affected server process. A very detailed discussion of how basic buffer overflows work can be found in the text of "Smashing the stack for fun and profit" by Aleph One in Phrack #49. |
Affected Systems | |
Attack Scenarios | If the attacker suspects you have a server which is vulnerable to buffer overflow, they will attempt to exploit this vulnerability to gain access. |
Ease of Attack | Tools that use buffer overflows with stealth nop are widely available. |
Corrective Action | |
Additional References | http://online.securityfocus.com/library/14 |
Rule References | arachnids: 291 |
--
DID:107626