File: 115-1.txt

snort 2.9.7.0-5


Rule:

--
Sid:
115-1

--
Summary:
This event is generated when the asn1 pre-processor detects network
traffic that may constitute an attack. Specifically, an indefinite ASN.1
length encoding was detected.

--
Impact:
Unknown.

--
Detailed Information:
This event is generated when the asn1 pre-processor detects network
traffic that may constitute an attack.

Indefinite lengths are conceptually like BLOB data.  The upper bit of
the first length byte is set to one, and the bottom seven bits are zero
(the byte is 0x80).  The data value follows immediately, and continues
until two zero bytes are encountered.
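
The length forms described above, as an added example (not code from
Snort or its asn1 pre-processor): a small BER walker that counts
elements whose length byte is 0x80. It goes beyond the paragraph by
descending into nested elements, since X.690 permits the indefinite
form only on constructed encodings. The names walk and
count_indefinite, the nesting cap of 32 and the sample bytes are
assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk BER elements in b[*pos..end); 0 on success, -1 if malformed. */
static int walk(const uint8_t *b, size_t end, size_t *pos, int depth, int indef, int *hits)
{
    if (depth > 32) return -1;               /* nesting cap assumed here */
    while (*pos < end) {
        int eoc = indef && end - *pos >= 2 && !b[*pos] && !b[*pos + 1];
        if (eoc) { *pos += 2; return 0; }    /* the two terminating zero bytes */
        uint8_t id = b[(*pos)++];
        if ((id & 0x1f) == 0x1f)             /* multi-byte tag number */
            do { if (*pos >= end) return -1; } while (b[(*pos)++] & 0x80);
        if (*pos >= end) return -1;
        uint8_t l = b[(*pos)++];
        if (l == 0x80) {                     /* indefinite: top bit 1, low 7 bits 0 */
            (*hits)++;                       /* X.690: constructed encodings only */
            if (!(id & 0x20) || walk(b, end, pos, depth + 1, 1, hits)) return -1;
            continue;
        }
        size_t n = l;                        /* short definite form */
        if (l & 0x80) {                      /* long form: low 7 bits = octet count */
            size_t k = l & 0x7f;
            if (k > sizeof n || k > end - *pos) return -1;
            for (n = 0; k; k--) n = (n << 8) | b[(*pos)++];
        }
        if (n > end - *pos) return -1;       /* content runs past the buffer */
        size_t sub = *pos;                   /* definite constructed: descend */
        if ((id & 0x20) && walk(b, *pos + n, &sub, depth + 1, 0, hits)) return -1;
        *pos += n;
    }
    return indef ? -1 : 0;                   /* ended before the zero bytes */
}

/* Count indefinite-length elements in buf; -1 if the encoding is malformed. */
int count_indefinite(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int hits = 0;
    return walk(buf, len, &pos, 0, 0, &hits) ? -1 : hits;
}

int main(void)
{
    const uint8_t s[] = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00}; /* constructed */
    printf("%d\n", count_indefinite(s, sizeof s));
    return 0;
}
```

The sample is a SEQUENCE with an indefinite length holding INTEGER 5,
closed by the two zero bytes.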

More information on this event can be found in the pre-processor
documentation, README.asn1, in the docs directory of the Snort source.
Detailed instructions and examples on how to tune and use the
pre-processor can also be found in the same document.

--
Affected Systems:
	All.

--
Attack Scenarios:

--
Ease of Attack:
Simple.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Check the target host for signs of compromise.

Apply any appropriate vendor-supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
Daniel Roelker <droelker@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

ASN1 Information Site:
http://asn1.elibel.tm.fr/

--