[Snort-sigs] Request for additions/corrections - Summary

Jim Forster jforster at ...11...
Wed Oct 25 15:53:51 EDT 2000


Sig-list,  :)
Here's the current Summary of 'beta' rules I have listed.  Any
changes/additions to these?  Is testing going ok with these?  I'd like to
post an updated 'beta' set on the snort.org site so we get a wide testing
field for them, once this group thinks they're ready to go.
If I remember correctly, someone had updated the MPEG AUDIO rules down to
just a few, but I can't find the mail now..... Anyone have a copy of it?
Thanks......

--Credits listed where I had noted it in my beta.rule set / apologies if I
missed anyone--

#--------------------------------------------------
# Current Unreleased BETA Rules - > 10/10/2000
#--------------------------------------------------

alert TCP any 110 -> $HOME_NET any (msg:"BETA Worm - Possible incoming
Matrix worm"; content: "Software provide by [MATRiX]"; nocase; )
alert TCP $HOME_NET any -> any 25 (msg:"BETA Worm - Possible Outgoing Matrix
Worm"; content: "Software provide by [MATRiX]"; nocase; )
alert TCP any any -> any 80 (msg:"BETA - INFO - FrontPage Authoring"; flags:
PA; content:"POST"; content:"author.dll"; nocase;)



More information about the Snort-sigs mailing list