2010-09-14 19:24:03 +02:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
2010-10-14 02:45:31 +02:00
|
|
|
<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
|
2010-09-14 19:24:03 +02:00
|
|
|
|
|
|
|
<hyperalert>
|
|
|
|
<snort-id>1.1394.12</snort-id>
|
2010-09-15 13:24:05 +02:00
|
|
|
<desc>Shellcode x86 inc ecx NOOP</desc>
|
2010-09-14 19:24:03 +02:00
|
|
|
|
|
|
|
<pre>HostExists(+DST_ADDR+)</pre>
|
|
|
|
<pre>HasService(+DST_ADDR+, +DST_PORT+)</pre>
|
|
|
|
|
2010-09-15 13:24:05 +02:00
|
|
|
<post>HasRemoteAccess(+SRC_ADDR+, +DST_ADDR+)</post>
|
2010-09-14 19:24:03 +02:00
|
|
|
</hyperalert>
|
|
|
|
|