GEN:SID 1:651
Message SHELLCODE x86 stealth NOOP
Summary Binary data in the packet matched one kind of byte sequence used as filler in buffer overflow attacks.
Impact It is possible someone was attempting a buffer overflow to gain unauthorized access to one of your servers.
Detailed Information This rule triggers when a binary pattern appears in the packet contents which matches one form of filler-bytes used in buffer overflow attacks. Buffer overflows allow execution of arbitrary code with the privlege level of the affected server process. A very detailed discussion of how basic buffer overflows work can be found in the text of "Smashing the stack for fun and profit" by Aleph One in Phrack #49.
Affected Systems  
Attack Scenarios If the attacker suspects you have a server which is vulnerable to buffer overflow, they will attempt to exploit this vulnerability to gain access.

Ease of Attack Tools that use buffer overflows with stealth nop are widely available.
Corrective Action  
Additional References http://online.securityfocus.com/library/14

Rule References arachnids: 291