The corrected IDS alert stems from VladimirAnufriev in 2011
and was again replaced by a later one.
reference:url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/; classtype:shellcode-detect; sid:2012086; rev:1;)
See: http://urlquery.net/report.php?id=3566394
Type shellcode-detect → content:"|E8 00 00 00 00 8F|"; fast_pattern:only;
Site blacklisted here: http://www.siteadvisor.com/sites/wt1.cngr.cn
See for various patterns and various IPs: http://www.bothunter.net/live/2012-07-17/index.html
Read about this attack dating from 2010 → http://www.networkforensics.com/tag/agility/
More recently used - example: http://urlquery.net/report.php?id=1689044
polonus