[Snort-sigs] VECNA scan rules

Joseph Gama josephgama at ...144...
Tue Jul 20 18:27:16 EDT 2004


alert tcp $EXTERNAL_NET any -> $HOME_NET any \
(msg:"SCAN Vecna URG"; flags:U,12; flow:stateless; \
reference:url,www.securityfocus.com/archive/1/42136; \
classtype:attempted-recon; sid:99999; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET any \
(msg:"SCAN Vecna URG FIN"; flags:FU,12; flow:stateless; \
reference:url,www.securityfocus.com/archive/1/42136; \
classtype:attempted-recon; sid:99999; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET any \
(msg:"SCAN Vecna URG PSH"; flags:PU,12; flow:stateless; \
reference:url,www.securityfocus.com/archive/1/42136; \
classtype:attempted-recon; sid:99999; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET any \
(msg:"SCAN Vecna PSH"; flags:P,12; flow:stateless; \
reference:url,www.securityfocus.com/archive/1/42136; \
classtype:attempted-recon; sid:99999; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET any \
(msg:"SCAN Vecna PSH FIN"; flags:FP,12; flow:stateless; \
reference:url,www.securityfocus.com/archive/1/42136; \
classtype:attempted-recon; sid:99999; rev:1;)



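Added example, not part of the original post: a small Python model of how the exact-match `flags:<set>,12` tests in the five rules above evaluate a TCP flags byte, useful for checking which probes they cover before deploying them. The sample flag bytes are constructed; the function names are hypothetical.

```python
# TCP flag letters as used by Snort's `flags` keyword, mapped to bits of the
# TCP flags byte. "1" and "2" are the two formerly reserved bits (CWR, ECE).
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
        "A": 0x10, "U": 0x20, "2": 0x40, "1": 0x80}

# msg and flags options copied from the five rules in the post.
RULES = {
    "SCAN Vecna URG": "U,12",
    "SCAN Vecna URG FIN": "FU,12",
    "SCAN Vecna URG PSH": "PU,12",
    "SCAN Vecna PSH": "P,12",
    "SCAN Vecna PSH FIN": "FP,12",
}

def to_bits(letters):
    """OR together the bit values of a string of flag letters."""
    value = 0
    for ch in letters:
        value |= BITS[ch]
    return value

def flags_match(option, tcp_flags):
    """Exact-match form of `flags:<set>[,<mask>]` (no +, * or ! modifier):
    bits named in the mask are ignored, every other bit must equal <set>."""
    wanted, _, ignored = option.partition(",")
    keep = 0xFF & ~to_bits(ignored)
    return (tcp_flags & keep) == to_bits(wanted)

def alerts_for(tcp_flags):
    """Return the msg of every rule whose flags test matches this byte."""
    return [msg for msg, opt in RULES.items() if flags_match(opt, tcp_flags)]

# Constructed sample flag bytes (not captured traffic).
SAMPLES = {
    "URG only": 0x20,
    "URG with both ECN bits set": 0x20 | 0xC0,
    "PSH+FIN": 0x09,
    "PSH+ACK (ordinary data segment)": 0x18,
    "FIN+PSH+URG (all three, not covered)": 0x29,
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:40s} 0x{value:02x} -> {alerts_for(value) or 'no alert'}")
```

Because the match is exact, a segment that also carries ACK or SYN does not alert, and the `,12` mask keeps ECN-marked packets from slipping past the same test.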



