[Snort-sigs] Preliminary rules for PROTOS Suite

ceballosm at ...47... ceballosm at ...47...
Thu Feb 14 14:42:03 EST 2002


I've came up with these rules while doing some testing with the PROTOS SNMP suite.
 
The first will log default attacks using c06-snmpv1-req-app-r1.jar.

alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"Attack using PROTOS Test-Suite-req-app";
content: "|30 26 02 01 00 04 06 70 75 62 6C 69 63 A0 19 02 01 00 02 01 00 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 05 00 
05 00|";)

send will log default attacks using c06-snmpv1-trap-app-r1.jar

alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"Attack using PROTOS Test-Suite-trap-app"; content:"|30 38 02 01 00 04 06 
70 75 62 6C 69 63 A4 2B 06|";)



Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/





More information about the Snort-sigs mailing list