#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; reference:url,doc.emergingthreats.net/bin/view/Main/2002917; classtype:successful-admin; sid:2002917; rev:6;)

Added 2011-10-12 19:12:31 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; reference:url,doc.emergingthreats.net/bin/view/Main/2002917; sid:2002917; rev:6;)

Added 2011-09-14 22:25:28 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; reference:url,doc.emergingthreats.net/bin/view/Main/2002917; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_RealVNC; sid:2002917; rev:6;)

Added 2011-02-04 17:22:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; reference:url,doc.emergingthreats.net/bin/view/Main/2002917; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_RealVNC; sid:2002917; rev:6;)

Added 2009-02-07 22:00:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; reference:url,doc.emergingthreats.net/bin/view/Main/2002917; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_RealVNC; sid:2002917; rev:6;)

Added 2009-02-07 22:00:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; sid:2002917; rev:5;)

Added 2008-05-18 19:52:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; sid:2002917; rev:5;)

Added 2008-05-18 19:52:13 UTC


alert tcp $HOME_NET any -> any any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; sid:2002917; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $HOME_NET any -> any any (msg:"ET EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; sid:2002917; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $HOME_NET any -> any any (msg:"BLEEDING-EDGE EXPLOIT RealVNC? Server Authentication Bypass Successful"; flowbits:isset,BSvnc.null.auth.sent; flow:established; dsize:4; content:"|00 00 00 00|"; depth:4; classtype:successful-admin; flowbits:unset,BSis.vnc.setup; flowbits:unset,BSvnc.auth.offered; reference:url,secunia.com/advisories/20107/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html; reference:cve,2006-2369; sid:2002917; rev:3;)


This rule is part of the class succesful-admin. The default priority is therefore 1. Shouldn't it be increased to 2 or maybe 3?

-- CeesElzinga - 03 May 2007

1 is the highest priority, 2 and 3 are lower.

So yes, I agree, it should be very high in priority. But it already is. smile

Note: You can override priority of the class with the priority: tag. If that's not set the class's priority is used.

Matt

-- MattJonkman - 03 May 2007


Topic revision: r3 - 2007-05-03 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats