[Snort-sigs] snortrules-stable bug patches

Snort user snort at ...1427...
Thu Apr 3 23:35:20 EST 2003


--- idsrules.orig	Fri Mar 28 22:09:30 2003
+++ idsrules	Fri Mar 28 22:12:58 2003
@@ -177 +177 @@
-alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC Non-Standard IP protocol"; ip_proto:!1; ip_proto:!2; ip_proto:!6; ip_proto:!47; ip_proto:!50; ip_proto:!51; ip_proto:!89; classtype:non-standard-protocol; sid:1620; rev:3;)
+#alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC Non-Standard IP protocol"; ip_proto:!1; ip_proto:!2; ip_proto:!6; ip_proto:!47; ip_proto:!50; ip_proto:!51; ip_proto:!89; classtype:non-standard-protocol; sid:1620; rev:3;)
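Review bot: The sid:1620 rule is switched off by commenting it out, with nothing recorded about why, so the lost coverage for unexpected IP protocols is easy to overlook later. I would put a comment line directly above it, for example `# sid:1620 disabled: <reason>; re-enable when <condition>`. The negated list covers protocols 1, 2, 6, 47, 50, 51 and 89 but not 17, so the rule as written would presumably also match ordinary UDP traffic. If that is the reason for disabling it, saying so in the comment tells the next maintainer what to fix before turning it back on.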
@@ -226 +226 @@
-alert udp $EXTERNAL_NET 4120 -> $HOME_NET any (msg:"BACKDOOR DeepThroat access"; content: "--Ahhhhhhhhhh"; reference:arachnids,405; sid:113;  classtype:misc-act ivity; rev:4;)
+alert udp $EXTERNAL_NET 4120 -> $HOME_NET any (msg:"BACKDOOR DeepThroat access"; content: "--Ahhhhhhhhhh"; reference:arachnids,405; sid:113;  classtype:misc-activity; rev:4;)
@@ -701 +701 @@
-alert tcp $EXTERNAL_NET any -> $HOME_NET 500: (msg:"RPC AMD TCP version request"; flow:to_sever,established; content:"|00 04 93 F3|"; content:"|00 00 00 08|"; distance:4; within:4; classtype:rpc-portmap-decode; sid:1955; rev:1;)
+alert tcp $EXTERNAL_NET any -> $HOME_NET 500: (msg:"RPC AMD TCP version request"; flow:to_server,established; content:"|00 04 93 F3|"; content:"|00 00 00 08|"; distance:4; within:4; classtype:rpc-portmap-decode; sid:1955; rev:1;)
@@ -1537 +1537 @@
-alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Cisco IOS HTTP configuration attempt"; uricontent:"/level/*/exec/"; regex; flow:to_server,established; classtype:web-application-attack; reference:bugtraq,2936; sid:1250;  rev:6;)
+alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Cisco IOS HTTP configuration attempt"; uricontent:"/level/*/exec/"; flow:to_server,established; classtype:web-application-attack; reference:bugtraq,2936; sid:1250;  rev:6;)
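Review bot: With `regex;` removed, the `*` in `uricontent:"/level/*/exec/"` is presumably compared as a literal asterisk, so sid:1250 would only alert on a URI containing that exact string and would miss requests with any other value in that path segment. Splitting the match keeps the intent without the wildcard: `uricontent:"/level/"; uricontent:"/exec/";`. The same applies to sid:1108 in the next hunk (`@@ -1584`), where `uricontent:"/jsp/snp/"; uricontent:".snp";` would do. Both rules change what they match but keep `rev:6`; bumping `rev` would let operators tell which version of the signature is deployed.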
@@ -1584 +1584 @@
-alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC tomcat server snoop access"; flow:to_server,established; uricontent:"/jsp/snp/*.snp"; regex; reference:cve,CAN-2000-0760; reference:bugtraq,1532; classtype:attempted-recon; sid:1108;  rev:6;)
+alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC tomcat server snoop access"; flow:to_server,established; uricontent:"/jsp/snp/*.snp"; reference:cve,CAN-2000-0760; reference:bugtraq,1532; classtype:attempted-recon; sid:1108;  rev:6;)



