[Snort-sigs] snort signatures.

Joseph Nicholas Yarbrough nyarbrough at ...5...
Thu Oct 19 16:32:57 EDT 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Here are a few signatures for public use.

#%c0%hh/%c1%hh IIS exploit
alert tcp any any -> any 80 (msg:"WEB-IIS command exec attempt"; flags:PA; content:"|25 63 30 25 68 68|";)
alert tcp any any -> any 80 (msg:"WEB-IIS command exec attempt"; flags:PA; content:"|25 63 31 25 68 68|";)

#amazon "one-click cookie theft"
alert TCP any any -> any any (msg: "WEB Amazon 1-click cookie theft"; flags: PA; content:"ref%3Cscript%20language%3D%22Javascript"; nocase;)

#Anaconda Foundation Directory directory transversal attempt.
alert tcp any any -> any 80 (msg:"WEB-CGI-Anaconda-FD directory transversal vulnerability attempt"; flags:PA; content:"template=../"; nocase;)

These were developed by Joe Stewart( jstewart at ...5... ) and Nick Yarbrough( nyarbrough at ...5... ) for Lurhq Corp.( www.lurhq.com )


Joseph Nicholas Yarbrough
Network Security Analyst
LURHQ Corporation
http://www.lurhq.com
==========================>
843-347-1075 ext. 312
nyarbrough at ...5...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjnvWn8ACgkQ0Uan+RSLs4l8kgCdGDleKgDEvaYn+5zXda9C/Mad
ZbUAn2U8sjssahdYRH+Tn4JO6GuKFnzH
=Suvz
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: public_key.asc
Type: application/pgp-keys
Size: 1734 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20001019/14995368/attachment.key>


More information about the Snort-sigs mailing list