Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
17 lines (16 sloc) 505 Bytes
title: Buffer Overflow Attempts
description: Detects buffer overflow attempts in Unix system log files
references:
- https://github.com/ossec/ossec-hids/blob/master/etc/rules/attack_rules.xml
logsource:
product: unix
detection:
keywords:
- 'attempt to execute code on stack by'
- 'FTP LOGIN FROM .* 0bin0sh'
- 'rpc.statd[\d+]: gethostbyname error for'
- 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
condition: keywords
falsepositives:
- Unkown
level: high