[Snort-sigs] POP2 commands case-sensitive?

Brian bmc at ...95...
Tue Jul 6 08:14:03 EDT 2004


On Tue, Jun 08, 2004 at 11:01:43AM -0600, nnposter at ...592... wrote:
> P.S. As a side note, it seems that rule definition for 1935 has been
> changed sometimes in May but the revision number has NOT been incremented.
> 
> April version of 1935.4:
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 109 
> (msg:"POP2 FOLD arbitrary file attempt"; flow:to_server,established; 
> content:"FOLD"; nocase; pcre:"/^FOLD\s+\//smi"; classtype:misc-attack; 
> sid:1935; rev:4;)
> 
> Current version of 1935.4:
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 109 
> (msg:"POP2 FOLD arbitrary file attempt"; flow:established,to_server; 
> pcre:"/^FOLD\s+\//smi"; content:"FOLD"; classtype:misc-attack; 
> sid:1935; rev:4;)

fixed.




More information about the Snort-sigs mailing list