[Snort-sigs] New Sigs

Keith Pachulski Keith.Pachulski at ...2...
Wed Nov 1 14:45:26 EST 2000

With the first sig, during install the admin chooses the port the server
will listen on so there is no real defining port unfortunately.
alert tcp !$HOME_NET any -> $HOME_NET any (msg:"Possible Netscape Servers
Suite Multiple DoS Vulnerabilities"; flags:PA;
content:"/dsgw/bin/search?context="; nocase;)

alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Unify eWave ServletExec File
Upload Vulnerability"; flags:PA; content:"/servlet";
content:"UploadServlet"; nocase;)

alert tcp !$HOME_NET any -> $HOME_NET 25 (msg:"Possible MS Exchange Server
MIME DoS Vulnerability"; flags:PA; content="|63 68 61 72 73 65 74 20 3D 20
22 22|";)

More information about the Snort-sigs mailing list