[Snort-sigs] snort-rules update @ Thu Aug 26 11:15:39 2004

bmc at ...95... bmc at ...95...
Thu Aug 26 08:19:39 EDT 2004


New rules:
2656 - EXPLOIT SSLv2 Client_Hello Challenge Length overflow attempt (exploit.rules, requires 2.2 or later)
2657 - EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt (exploit.rules, requires 2.2 or later)

Updated rules:
 120 - BACKDOOR Infector 1.6 Server to Client (backdoor.rules)
 121 - BACKDOOR Infector 1.6 Client to Server Connection Request (backdoor.rules)
 286 - POP3 EXPLOIT x86 BSD overflow (pop3.rules)
 289 - POP3 EXPLOIT x86 SCO overflow (pop3.rules)
 290 - POP3 EXPLOIT qpopper overflow (pop3.rules)
 658 - SMTP exchange mime DOS (smtp.rules)
 659 - SMTP expn decode (smtp.rules, requires 2.1 or later)
 660 - SMTP expn root (smtp.rules, requires 2.1 or later)
 662 - SMTP sendmail 5.5.5 exploit (smtp.rules)
 665 - SMTP sendmail 5.6.5 exploit (smtp.rules)
 667 - SMTP sendmail 8.6.10 exploit (smtp.rules)
 672 - SMTP vrfy decode (smtp.rules, requires 2.1 or later)
 686 - MS-SQL xp_reg* - registry access (sql.rules)
 689 - MS-SQL/SMB xp_reg* registry access (sql.rules)
 709 - TELNET 4Dgifts SGI account attempt (telnet.rules)
 710 - TELNET EZsetup account attempt (telnet.rules)
 711 - TELNET SGI telnetd format bug (telnet.rules)
 713 - TELNET livingston DOS (telnet.rules)
 714 - TELNET resolv_host_conf (telnet.rules)
 716 - TELNET access (telnet.rules)
 803 - WEB-CGI HyperSeek hsx.cgi directory traversal attempt (web-cgi.rules)
 819 - WEB-CGI mmstdod.cgi access (web-cgi.rules)
 823 - WEB-CGI cvsweb.cgi access (web-cgi.rules)
 826 - WEB-CGI htmlscript access (web-cgi.rules)
 827 - WEB-CGI info2www access (web-cgi.rules)
 830 - WEB-CGI NPH-publish access (web-cgi.rules)
 836 - WEB-CGI textcounter.pl access (web-cgi.rules)
 841 - WEB-CGI pfdisplay.cgi access (web-cgi.rules)
 843 - WEB-CGI anform2 access (web-cgi.rules)
 844 - WEB-CGI args.bat access (web-cgi.rules)
 847 - WEB-CGI campas access (web-cgi.rules)
 859 - WEB-CGI man.sh access (web-cgi.rules)
 889 - WEB-CGI ppdscgi.exe access (web-cgi.rules)
 902 - WEB-CGI tstisapi.dll access (web-cgi.rules)
1016 - WEB-IIS global.asa access (web-iis.rules)
1040 - WEB-IIS srchadm access (web-iis.rules)
1180 - WEB-MISC get32.exe access (web-misc.rules)
1252 - TELNET bsd telnet exploit response (telnet.rules)
1253 - TELNET bsd exploit client finishing (telnet.rules)
1308 - WEB-CGI sendmessage.cgi access (web-cgi.rules)
1448 - MISC MS Terminal server request (misc.rules)
1452 - WEB-CGI args.cmd access (web-cgi.rules)
1459 - WEB-CGI bb-histlog.sh access (web-cgi.rules)
1470 - WEB-CGI listrec.pl access (web-cgi.rules)
1473 - WEB-CGI newsdesk.cgi access (web-cgi.rules)
1474 - WEB-CGI cal_make.pl access (web-cgi.rules)
1476 - WEB-CGI sdbsearch.cgi access (web-cgi.rules)
1478 - WEB-CGI swc access (web-cgi.rules)
1482 - WEB-CGI view_source access (web-cgi.rules)
1508 - WEB-CGI alibaba.pl access (web-cgi.rules)
1544 - WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules)
1550 - SMTP ETRN overflow attempt (smtp.rules, requires 2.1 or later)
1601 - WEB-CGI htsearch arbitrary file read attempt (web-cgi.rules)
1602 - WEB-CGI htsearch access (web-cgi.rules)
1607 - WEB-CGI HyperSeek hsx.cgi access (web-cgi.rules)
1608 - WEB-CGI htmlscript attempt (web-cgi.rules)
1634 - POP3 PASS overflow attempt (pop3.rules, requires 2.1 or later)
1650 - WEB-CGI tst.bat access (web-cgi.rules)
1704 - WEB-CGI cal_make.pl directory traversal attempt (web-cgi.rules)
1814 - WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules)
1877 - WEB-CGI printenv access (web-cgi.rules)
1934 - POP2 FOLD overflow attempt (pop2.rules, requires 2.1 or later)
1936 - POP3 AUTH overflow attempt (pop3.rules, requires 2.1 or later)
1937 - POP3 LIST overflow attempt (pop3.rules, requires 2.1 or later)
2049 - MS-SQL ping attempt (sql.rules)
2087 - SMTP From comment overflow attempt (smtp.rules)
2122 - POP3 UIDL negative arguement attempt (pop3.rules, requires 2.1 or later)
2209 - WEB-CGI getdoc.cgi access (web-cgi.rules)
2250 - POP3 USER format string attempt (pop3.rules)
2261 - SMTP SEND FROM sendmail prescan too many addresses overflow (smtp.rules, requires 2.1 or later)
2406 - TELNET APC SmartSlot default admin account attempt (telnet.rules)
2413 - EXPLOIT ISAKMP delete hash with empty hash attempt (exploit.rules)
2414 - EXPLOIT ISAKMP initial contact notification without SPI attempt (exploit.rules)
2415 - EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
2487 - SMTP WinZip MIME content-type buffer overflow (smtp.rules, requires 2.1 or later)
2488 - SMTP WinZip MIME content-disposition buffer overflow (smtp.rules, requires 2.1 or later)
2518 - POP3 PCT Client_Hello overflow attempt (pop3.rules)
2546 - FTP MDTM overflow attempt (ftp.rules, requires 2.1 or later)




