Snort mailing list archives
snort rules....
From: f z <freezc101 () yahoo com>
Date: Sat, 25 Oct 2003 20:38:57 -0700 (PDT)
thank's shawn...:) can you teach me how to read/understand this set of rules...because i have to present it to my friend and my project supervisor....specially on the "msg".... alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET Solaris memory mismanagement exploit attempt"; flow:to_server,established; content:"|A0 23 A0 10 AE 23 80 10 EE 23 BF EC 82 05 E0 D6 90 25 E0|"; classtype:shellcode-detect; sid:1430; rev:6;) alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP CEL overflow attempt";flow:to_server,established; content:"CEL "; nocase; content:!"|0a|"; within:100; reference:bugtraq,679; reference:cve,CVE-1999-0789; reference:arachnids,257; classtype:attempted-admin; sid:337; rev:5;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS MDAC Content-Type overflow attempt"; flow:to_server,established; uricontent:"/msadcs.dll"; content:"Content-Type\:"; content:!"|0A|"; within:50; reference:cve,CAN-2002-1142; reference:url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337; classtype:web-application-attack; sid:1970; rev:1;) thank's...... __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort rules.... f z (Oct 25)
- <Possible follow-ups>
- Re: snort rules.... Shawn Truax (Oct 25)