[Snort-sigs] snort-rules STABLE update @ Wed May 28 14:16:41 2003

bmc at ...95... bmc at ...95...
Wed May 28 11:19:19 EDT 2003


This rule update was brought to you by Oinkmaster.
Written by Andreas Östling <andreaso at ...58...>


[*] Rule modifications: [*]

  [///]       Modified active:     [///]

     file -> attack-responses.rules
     old: alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES id check returned userid"; content:"uid="; byte_test:5,<,65537,0,relative,string; classtype:bad-unknown; sid:1882; rev:4;)
     new: alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES id check returned userid"; content:"uid="; byte_test:5,<,65537,0,relative,string; content:"gid="; distance:1; within:15; byte_test:5,<,65537,0,relative,string; classtype:bad-unknown; sid:1882; rev:7;)





More information about the Snort-sigs mailing list