[Snort-sigs] New submissions

Matthew Jonkman matt at ...2436...
Thu Jul 8 14:54:01 EDT 2004


A couple changes and a new rule are posted:

Jonathan Miner sent us this; he had started seeing the requests in 
webproxy logs for:

http://s.abetterinternet.com/bi/servlet/BIMaster?adcontext={blah...

This ought to get them:

alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"BLEEDING-EDGE Malware Binet"; uricontent:"/bi/servlet/BIMaster?"; nocase; classtype: policy-violation; reference:url,sarc.com/avcenter/venc/data/pf/adware.binet.html; sid:2000358; rev:1;)

Jonathan also recommended an update for the rcprograms rule which has 
been posted.

The bittorrent rules have also been updated to reflect flow rather than 
flags.

Thanks all for your submissions. Please keep them coming!!

Matt
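
The same match applied to web proxy logs, as an added example that is not part of the original post or the posted rule set: it decodes percent-escapes in the path and compares case-insensitively, as uricontent with nocase does against the normalized URI, and keeps the rule's port 80 restriction. The Squid-style log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Signature string from the rule's uricontent option, lowercased for nocase.
URICONTENT = "/bi/servlet/bimaster?"

# Constructed sample lines in Squid's native access.log layout (an assumption;
# the post does not say which proxy produced the logs).
SAMPLE_LOG = """\
1089312841.101 212 10.1.1.15 TCP_MISS/200 512 GET http://s.abetterinternet.com/bi/servlet/BIMaster?adcontext=x - DIRECT/192.0.2.10 text/html
1089312842.330 98 10.1.1.22 TCP_MISS/200 4096 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1089312843.514 150 10.1.1.15 TCP_MISS/200 512 GET http://s.abetterinternet.com/BI/servlet/%42IMaster?adcontext=y - DIRECT/192.0.2.10 text/html
1089312844.020 75 10.1.1.40 TCP_MISS/200 300 GET http://host.example.net:8080/bi/servlet/BIMaster?a=1 - DIRECT/192.0.2.30 text/html
"""


def normalized_uri(url):
    """Return (port, uri) where uri is the decoded path plus the raw query."""
    parts = urlsplit(url)
    port = parts.port or 80          # plain http:// URLs default to port 80
    uri = unquote(parts.path)        # undo %xx escapes, e.g. %42 -> B
    if "?" in url:                   # keep the '?' even when the query is empty
        uri += "?" + parts.query
    return port, uri


def scan(log_text):
    """Return (client_ip, url) for every request the rule would cover."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                 # skip malformed or truncated lines
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            continue                 # tunnelled request: no URI in the log
        try:
            port, uri = normalized_uri(url)
        except ValueError:
            continue                 # unparsable port in the URL
        # The rule only watches destination port 80, so mirror that here.
        if port == 80 and URICONTENT in uri.lower():
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(client, url)
```

The last sample line goes unreported because its destination is port 8080, which the rule's port 80 constraint also excludes.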




