[Snort-sigs] New rules

Matthew Jonkman matt at ...2436...
Thu Jul 15 22:53:08 EDT 2004


These are on bleeding snort, along with a number of others posted today. 
I won't repost them here. Check out the ruleset at 
http://www.bleedingsnort.com.

We've also crossed the 500 signature mark in the bleeding rules set. 
Interesting milestone, thanks to everyone that has contributed and 
offered advice on what's been posted. We've a few hundred rules that 
aren't timely to get processed and posted, so stay tuned.

On that note, Joseph Gama has gone over his rule submission quota for 
the month. You owe us $47.83 for the extra minutes, how would you like 
to pay for that?  :)  You can submit more rules when your plan resets on 
the first of next month and you have more minutes available.

Just kidding Joseph, please keep them coming. We have more sigs he's 
posted to process that'll go into Stable-side. Very useful as well.

Thanks all

Matt

Joseph Gama wrote:

> Hello,
> Here are some new rules:
> 
> fix for SQL Injection false positives.txt - it should
> generate fewer false positives than the OR rule I sent
> before
> 
> hackedFTPserver.rule - detects if someone is using
> hidden stuff in the FTP Server (IIS)
> 
> HalfLifeServer.rule - checking DOS attacks on a Half
> Life server
> 
> IE spyware.rule - more spyware rules for IE
> 
> IISrules.rule - detects using ADS to get source
> 
> moreSQLinjection.rule - a few more rules
> 
> NMAP.rule - trying to detect most NMAP scans
> 
> Peace,
> 
> Joseph Gama
> 
> 
> 




