Snort mailing list archives
flowbits: acunetix.scanner
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 29 May 2013 10:57:47 -0400
there is no check rule in the *.rules files for flowbits: acunetix.scanner...

registered subscriber using latest rules pulled 26 May 2013 for

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4.1 GRE (Build 69)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.6

May 26 04:25:44 frodo snort[22314]: WARNING: flowbits key 'acunetix.scanner' is set but not ever checked.

$ grep -E "acunetix.scanner" /path/to/snort/*rules*/*.rules
/path/to/snort/rules/app-detect.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"APP-DETECT Acunetix web vulnerability scan attempt"; flow:to_server,established; content:"Acunetix-"; fast_pattern:only; http_header; flowbits:set,acunetix.scanner; metadata:service http; reference:url,www.acunetix.com; classtype:web-application-attack; sid:25358; rev:1;)

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
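Added example, not part of the original post and not Snort's own code: a small audit that reports every flowbit a rule set sets but never checks, which is the condition behind the warning quoted above, plus the reverse case. It assumes one rule per line, treats set/setx/toggle as setters and isset/isnotset as checks, and runs on constructed sample rules (only sid:25358 comes from the post).

```python
import re
from collections import defaultdict

# Constructed sample input. The first rule is sid:25358 as quoted in the post;
# the sid 1000001-1000003 rules are made up for this example.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"APP-DETECT Acunetix web vulnerability scan attempt"; flow:to_server,established; content:"Acunetix-"; fast_pattern:only; http_header; flowbits:set,acunetix.scanner; metadata:service http; reference:url,www.acunetix.com; classtype:web-application-attack; sid:25358; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"EXAMPLE login request"; flow:to_server,established; content:"/login"; http_uri; flowbits:set,example.login; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"EXAMPLE login failed"; flow:to_client,established; flowbits:isset,example.login; content:"401"; http_stat_code; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; flowbits:isset,acunetix.scanner; sid:1000003; rev:1;)
'''

FLOWBITS = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?')
SID = re.compile(r'\bsid\s*:\s*(\d+)')
SETTERS = {"set", "setx", "toggle"}   # assumption: operations counted as "set"
CHECKERS = {"isset", "isnotset"}      # assumption: operations counted as "checked"

def flowbit_usage(rules_text):
    """Map each flowbit name to the sids that set it and the sids that check it."""
    set_by, checked_by = defaultdict(list), defaultdict(list)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # commented-out rules are not loaded
            continue
        m = SID.search(line)
        sid = int(m.group(1)) if m else None
        for op, names in FLOWBITS.findall(line):
            # One option may name several bits: "set,a&b" or "isset,a|b".
            for name in filter(None, (n.strip() for n in re.split(r'[&|]', names))):
                if op in SETTERS:
                    set_by[name].append(sid)
                elif op in CHECKERS:
                    checked_by[name].append(sid)
    return set_by, checked_by

def set_but_never_checked(rules_text):
    set_by, checked_by = flowbit_usage(rules_text)
    return {n: s for n, s in set_by.items() if n not in checked_by}

def checked_but_never_set(rules_text):
    set_by, checked_by = flowbit_usage(rules_text)
    return {n: s for n, s in checked_by.items() if n not in set_by}

if __name__ == "__main__":
    for name, sids in set_but_never_checked(SAMPLE_RULES).items():
        print(f"flowbits key '{name}' is set but never checked (sids {sids})")
```

To audit a real installation, pass the concatenated text of the enabled rule files in place of SAMPLE_RULES.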