115-2.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
115-2

--
Summary:
This event is generated when the pre-processor asn1 detects network
traffic that may constitute an attack. Specifically an invalid asn.1
length encoding was detected.

--
Impact:
Unknown.

--
Detailed Information:
This event is generated when the asn1 pre-processor detects network
traffic that may consititute an attack.


An invalid length parameter in the asn1 packet header may indicate an
attempt to exploit a vulnerability in the application using asn1
libraries or alternatively it may be an attempt to evade detection by
an IDS that may not correctly process asn1 data.

More information on this event can be found in the individual
pre-processor documentation README.asn1 in the docs directory of the
snort source. Detailed instructions and examples on how to tune and use
the pre-processor can also be found in the same document.

--
Affected Systems:
	All.

--
Attack Scenarios:

--
Ease of Attack:
Simple.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Check the target host for signs of compromise.

Apply any appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
Daniel Roelker <droelker@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

ASN1 Information Site:
http://asn1.elibel.tm.fr/

--