Where do these rules come from?

[Steve Halligan <agent33 () geeksquad com>]

This is just an example from web-cgi rules.  There are several more like
this.  Is the something that has a /calendar that is a problem?  If so, why
isn't it named in the rule.  I don't have a problem commenting it out,
because I know that I have nothing with a /calendar url, but I just got to
wondering why rules like this are there in the first place.  It can make it
difficult to decide whether to remove a rule, with no reference as to what
the exploit/scan is that the rule is designed for.



alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-CGI calendar
access";flags: A+; uricontent:"/calendar"; nocase;
classtype:attempted-recon; sid:882; rev:1;)

-Steve

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users