[Snort-sigs] New Rule Submissions?
rhill at ...290...
Thu Jan 24 11:39:01 EST 2002
First attempt at writing new rules (be gentle), and I'm wondering if this is
the correct place to submit them for review and testing?
alert tcp $HTTP_SERVERS 8080 -> $EXTERNAL_NET any (msg:"WEB-MISC IpMonitor
access"; flags: A+; content:"IpMonitor"; classtype:attempted-recon;
This alert indicates that someone is accessing IpMonitor, a server
monitoring program similar to BigBrother. IpMonitor is made by DeepMetrix,
Inc. - http://www.deepmetrix.com
Ryan Hill, MCSE
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
More information about the Snort-sigs