[Snort-sigs] New rules
matt at ...2436...
Thu Jul 15 22:53:08 EDT 2004
These are on bleeding snort, along with a number of others posted today.
I won't repost them here. Check out the ruleset at
We've also crossed the 500 signature mark in the bleeding rules set.
Interesting milestone, thanks to everyone that has contributed and
offered advice on what's been posted. We've a few hundred rules that
aren't timely to get processed and posted, so stay tuned.
On that note, Joseph Gama has gone over his rule submission quota for
the month. You owe us $47.83 for the extra minutes, how would you like
to pay for that? :) You can submit more rules when your plan resets on
the first of next month and you have more minutes available.
Just kidding Joseph, please keep them coming. We have more sigs he's
posted to process that'll go into Stable-side. Very useful as well.
Joseph Gama wrote:
> Here are some new rules:
> fix for SQL Injection false positives.txt - it should
> generate less false positives than the OR rule I sent
> hackedFTPserver.rule - detects if someone is using
> hidden stuff in the FTP Server (IIS)
> HalfLifeServer.rule - checking DOS attacks on a Half
> Life server
> IE spyware.rule - more spyware rules for IE
> IISrules.rule - detects using ADS to get source
> moreSQLinjection.rule - a few more rules
> NMAP.rule - trying to detect most NMAP scans
> Joseph Gama
More information about the Snort-sigs