[Snort-sigs] snort-rules CURRENT update @ Fri Nov 21 13:15:18 2003

bmc at ...95... bmc at ...95...
Fri Nov 21 10:16:03 EST 2003


This rule update was brought to you by Oinkmaster.

[*] Rule modifications: [*]

  [///]       Modified active:     [///]

     file -> telnet.rules
     old: alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET livingston DOS"; flow:to_server,established; content:"|fff3 fff3 fff3 fff3 fff3|"; reference:arachnids,370; classtype:attempted-dos; sid:713; rev:5;)
     new: alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET livingston DOS"; flow:to_server,established; content:"|fff3 fff3 fff3 fff3 fff3|"; rawbytes; reference:arachnids,370; classtype:attempted-dos; sid:713; rev:6;)
     old: alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET access"; flow:from_server,established; content:"|FF FD 18 FF FD 1F FF FD 23 FF FD 27 FF FD 24|"; reference:arachnids,08; reference:cve,CAN-1999-0619; classtype:not-suspicious; sid:716; rev:5;)
     new: alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET access"; flow:from_server,established; content:"|FF FD 18 FF FD 1F FF FD 23 FF FD 27 FF FD 24|"; rawbytes; reference:arachnids,08; reference:cve,CAN-1999-0619; classtype:not-suspicious; sid:716; rev:6;)
     old: alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET bsd telnet exploit response"; flow:from_server,established; content: "|0D0A|[Yes]|0D0A FFFE 08FF FD26|"; classtype: attempted-admin; sid:1252; rev:8; reference:bugtraq,3064; reference:cve,CAN-2001-0554;)
     new: alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET bsd telnet exploit response"; flow:from_server,established; content: "|0D0A|[Yes]|0D0A FFFE 08FF FD26|"; rawbytes;classtype: attempted-admin; reference:bugtraq,3064; reference:cve,CAN-2001-0554; sid:1252; rev:9;)
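Review bot: style nit in the new sid:1252 line: `rawbytes;classtype: attempted-admin;` is missing the space after the semicolon that every other option in this update has, and `content: "` and `classtype: ` keep a space after the colon that the other three rules do not use. This revision also moves `sid` and `rev` behind the references, so the old/new pair differs in more than the added `rawbytes` keyword; normalising the spacing in the same revision would keep the rule consistent with its neighbours.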
     old: alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET bsd exploit client finishing"; flow:to_client,established; dsize:>200; content:"|FF F6 FF F6 FF FB 08 FF F6|"; offset:200; depth:50; classtype:successful-admin; sid:1253; reference:bugtraq,3064; reference:cve,CAN-2001-0554; rev:7;)
     new: alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"TELNET bsd exploit client finishing"; flow:to_client,established; dsize:>200; content:"|FF F6 FF F6 FF FB 08 FF F6|"; rawbytes; offset:200; depth:50; classtype:successful-admin; sid:1253; reference:bugtraq,3064; reference:cve,CAN-2001-0554; rev:8;)
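Review bot: sid:1253 still pairs the header `$EXTERNAL_NET any -> $TELNET_SERVERS 23` with `flow:to_client,established`, and rev:8 carries that over unchanged. The header selects packets headed to the telnet server on port 23, while `to_client` selects the server-to-client side of the stream, so the two constraints disagree for an ordinary inbound telnet session. Given the msg ("client finishing"), `flow:to_server,established` looks like what is intended; worth confirming and fixing while the rule is being revised.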




