GEN:SID | 1:651 |
Message | SHELLCODE x86 stealth NOOP |
Summary | Binary data in the packet matched one kind of byte sequence used as filler in buffer overflow attacks. |
Impact | It is possible someone was attempting a buffer overflow to gain unauthorized access to one of your servers. |
Detailed Information | This rule triggers when the packet contents contain a binary pattern that matches one form of the filler bytes used in buffer overflow attacks. Buffer overflows allow execution of arbitrary code with the privilege level of the affected server process. A very detailed discussion of how basic buffer overflows work can be found in "Smashing the stack for fun and profit" by Aleph One in Phrack #49. |
Affected Systems | |
Attack Scenarios | An attacker who suspects that one of your servers is vulnerable to a buffer overflow will attempt to exploit that vulnerability to gain access. |
Ease of Attack | Tools that use buffer overflows with stealth NOPs are widely available. |
Corrective Action | |
Additional References | http://online.securityfocus.com/library/14 |
Rule References | arachnids: 291 |