[Snort-sigs] Avoidance of 1672.10 (FTP CWD ~ attempt)

Brian bmc at ...95...
Tue Jul 6 07:52:01 EDT 2004


> I am proposing to add "nocase" to the command content clause:
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 21 
> (msg:"FTP CWD ~ attempt"; flow:to_server,established; 
> content:"CWD"; nocase;
> pcre:"/^CWD\s+~/smi"; reference:bugtraq,2601; reference:bugtraq,9215; 
> reference:cve,2001-0421; classtype:denial-of-service; sid:1672; rev:11;)

yep
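
The effect of the proposed "nocase", as an added example that is not part of the original thread and is not Snort's own code: a simplified Python model in which the rule fires only when both the content clause and the pcre match. The function names and the FTP command lines are constructed for illustration.

```python
import re

# PCRE from the rule quoted above: /^CWD\s+~/smi
CWD_TILDE = re.compile(r"^CWD\s+~", re.S | re.M | re.I)


def content_match(payload: bytes, pattern: bytes, nocase: bool) -> bool:
    """Simplified model of a content clause: plain substring search."""
    if nocase:
        return pattern.lower() in payload.lower()
    return pattern in payload


def rule_fires(payload: bytes, nocase: bool) -> bool:
    """Every option must match: content:"CWD" and then the pcre."""
    if not content_match(payload, b"CWD", nocase):
        # A case-sensitive content miss ends evaluation here, so the
        # case-insensitive pcre is never consulted.
        return False
    return CWD_TILDE.search(payload.decode("latin-1")) is not None


# Constructed FTP command lines (not captured traffic).
SAMPLES = [
    b"CWD ~root\r\n",
    b"cwd ~root\r\n",
    b"Cwd\t~\r\n",
    b"CWD /pub\r\n",
    b"USER anonymous\r\ncwd ~\r\n",
]


def compare(samples=SAMPLES):
    """Return (payload, fires_without_nocase, fires_with_nocase) per sample."""
    return [(s, rule_fires(s, False), rule_fires(s, True)) for s in samples]


if __name__ == "__main__":
    for payload, old, new in compare():
        print(f"{payload!r:32} without nocase={old!s:5} with nocase={new}")
```

The same table of samples can serve as a regression check whenever a rule pairs a literal content match with a case-insensitive pcre.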



