Snort mailing list archives
Re: Meaning of exploit logs
From: Chris Green <cmg () uab edu>
Date: 12 Jun 2001 19:09:49 -0500
"Jason Oakley" <JOakley () orange net au> writes:
Hi. Where can I find the exact descriptions for, eg. "WEB-CGI redirect access". Is there a central storage location? It would be handy if there was because probably not every security website would call the exploit/vulnerability the same thing. I've done searches to try and find out what the above means and so far (after looking on many sites and about 10 search engines) have turned up not much at all.
Snort CVS helps with this a great deal by having helpful reference tags. Having a checkout on hand is worth it even if you are just poking to see what is up with the rulesets that Brian has been actively cleaning up. alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-CGI redirect access";flags: A+; uricontent:"/redirect"; nocase;reference:bugtraq,1179; classtype:attempted-recon;) Note the reference: bugtraq 1179 maps to http://www.securityfocus.com/bid/1179 sp_reference.h will give you the list of what references map to what urls. -- Chris Green <cmg () uab edu> "Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Meaning of exploit logs Jason Oakley (Jun 12)
- Re: Meaning of exploit logs Chris Green (Jun 12)
- Re: Meaning of exploit logs Grant Parkinson (Jun 12)