Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:643 |
| Message | SHELLCODE HP-UX NOOP |
| Summary | This event is generated when a buffer overflow attack is attempted against a target machine. |
| Impact | Serious. The attacker may be able to gain remote access to the system or have the ability to execute arbitrary code with the privileges of a system user. |
| Detailed Information | This rule tracks the bit combination which may occur in network packets aimed at overflowing HP-UX UNIX network services. The buffer overflow attack attempts to force the vulnerable application to execute attacker-controlled code in order to gain interactive access or run arbitrary commands on the vulnerable system. |
| Affected Systems | |
| Attack Scenarios | An attacker launches an overflow exploit against a vulnerable FTP server and gains the ability to start a shell session, thus obtaining interactive access to the target. |
| Ease of Attack | Simple |
| Corrective Action | Check the target host for other signs of compromise. Look for other events concerning the target host. Apply vendor supplied patches and keep the operating system up to date. |
| Additional References | Arachnids: http://www.whitehats.com/info/IDS359 |
| Rule References | arachnids: 359 |
--
DID:323404
--
http://www.aanval.com/