Snort mailing list archives

snort rules....


From: f z <freezc101 () yahoo com>
Date: Sat, 25 Oct 2003 20:38:57 -0700 (PDT)


Thanks, Shawn... :)

Can you teach me how to read/understand this set of
rules... because I have to present it to my friend and
my project supervisor... especially on the "msg"...


alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET Solaris memory mismanagement exploit attempt"; flow:to_server,established; content:"|A0 23 A0 10 AE 23 80 10 EE 23 BF EC 82 05 E0 D6 90 25 E0|"; classtype:shellcode-detect; sid:1430; rev:6;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP CEL overflow attempt"; flow:to_server,established; content:"CEL "; nocase; content:!"|0a|"; within:100; reference:bugtraq,679; reference:cve,CVE-1999-0789; reference:arachnids,257; classtype:attempted-admin; sid:337; rev:5;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS MDAC Content-Type overflow attempt"; flow:to_server,established; uricontent:"/msadcs.dll"; content:"Content-Type\:"; content:!"|0A|"; within:50; reference:cve,CAN-2002-1142; reference:url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337; classtype:web-application-attack; sid:1970; rev:1;)

Thanks......
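
Added example, not part of the original post and not Snort's own code: a small Python reader that splits a rule like the ones above into its header fields (action, protocol, source, direction, destination) and its option list, and decodes "content" values, including |hex| bytes and the leading ! that means "must not match". The names parse_rule and decode_content are made up for this illustration, and the header labels are descriptive names, not Snort keywords.

```python
import re

# Third rule from the post above, joined onto a single line.
IIS_MDAC = (r'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS '
            r'(msg:"WEB-IIS MDAC Content-Type overflow attempt"; '
            r'flow:to_server,established; uricontent:"/msadcs.dll"; '
            r'content:"Content-Type\:"; content:!"|0A|"; within:50; '
            r'reference:cve,CAN-2002-1142; '
            r'reference:url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337; '
            r'classtype:web-application-attack; sid:1970; rev:1;)')

HEADER = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")
# One option = a run of plain chars, backslash escapes or quoted strings, ended by ';'.
OPTION = re.compile(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);')

def parse_rule(rule):
    """Return (header dict, [(option, value), ...]) for a one-line rule."""
    head, _, body = rule.partition("(")
    header = dict(zip(HEADER, head.split()))
    options = []
    for opt in OPTION.findall(body):
        key, _, value = opt.strip().partition(":")  # flag options (nocase) have no value
        options.append((key.strip(), value.strip()))
    return header, options

def decode_content(value):
    """Return (negated, bytes) for a content value: quoted text, |hex| blocks, leading !."""
    negated = value.startswith("!")
    text = value.lstrip("!").strip().strip('"')
    out = b""
    for i, part in enumerate(text.split("|")):
        if i % 2:   # odd pieces sit between pipes: hex bytes
            out += bytes.fromhex(part)
        else:       # even pieces are literal text; drop rule-level backslash escapes
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return negated, out

if __name__ == "__main__":
    header, options = parse_rule(IIS_MDAC)
    print(header)
    for key, value in options:
        print(f"{key:10} {value}", decode_content(value) if key == "content" else "")
```

Read this way, "msg" is only the text written to the alert; the matching is done by the header plus options such as flow, content and within.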




