[Snort-sigs] Blaster/Lovosan Rules

Gregor Domhan g_domhan at ...1771...
Fri Aug 15 05:41:10 EDT 2003


Hi All,

Here are the working rules for the Lovosan/Blaster worm:

# content in the first rule is the ASCII string "msblast.exe"
alert tcp any any -> any 4444 (msg:"msblast.exe TCP Content II"; content:"|6D 73 62 6C 61 73 74 2E 65 78 65|"; classtype:unknown;)
alert tcp any any -> any 135 (msg:"W32.blast TCP Content II"; content:"|9B 26 E1 61 34 68 B0 83 62 54 1F 8C F4 B9 CE 9C|"; classtype:unknown;)
#
# content is the ASCII string "teekids.exe"
alert tcp any any -> any 4444 (msg:"Lovosan.B TCP 4444 Content"; content:"|74 65 65 6b 69 64 73 2E 65 78 65|"; classtype:unknown;)
alert tcp any any -> any 135 (msg:"Lovosan.B TCP 135 Content"; content:"|74 65 65 6b 69 64 73 2E 65 78 65|"; classtype:unknown;)
#
# content is the ASCII string "penis32.exe"
alert tcp any any -> any 4444 (msg:"Lovosan.C TCP 4444 Content"; content:"|70 65 6E 69 73 33 32 2E 65 78 65|"; classtype:unknown;)
alert tcp any any -> any 135 (msg:"Lovosan.C TCP 135 Content"; content:"|70 65 6E 69 73 33 32 2E 65 78 65|"; classtype:unknown;)
