[Snort-sigs] New Rule Submissions?

Ryan Hill rhill at ...290...
Thu Jan 24 11:39:01 EST 2002


All,

First attempt at writing new rules (be gentle), and I'm wondering if this is
the correct place to submit them for review and testing?

alert tcp $HTTP_SERVERS 8080 -> $EXTERNAL_NET any (msg:"WEB-MISC IpMonitor
access"; flags: A+; content:"IpMonitor"; classtype:attempted-recon;
sid:xxxx; rev:1;) 

This alert indicates that someone is accessing IpMonitor, a server
monitoring program similar to BigBrother.  IpMonitor is made by DeepMetrix,
Inc. - http://www.deepmetrix.com

Regards,

Ryan Hill, MCSE 
IT Ninja
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB




More information about the Snort-sigs mailing list