Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-59868
This is caused by a DHCP failover event attempting to cause a DOS to the fail over server via memory corruption by a corruption of the vendor name field.
1-59867
This rule looks for traffic that exploits the vulenrability outlined in CVE-2022-0543.
1-59866
This rule looks for traffic that exploits the vulenrability outlined in CVE-2022-0543.
1-59865
This rule searches for serialized Java methods that can be used in a specific order to trigger a deserialization vulnerability in vulnerable versions of the Oracle Coherence library.
1-59864
This rule looks for a null byte inside of the vendor field of a DHCP failover packet. If there is incorrect value in the length field it can cause a DHCPFO packet to write out of bounds to the DHCPFO client.
1-59861
This rule will inspect the stream portion of the AVI header to detect an excessive value using the byte_test rule option. Excessive streams within the AVI may lead to a buffer overflow.