[Snort-sigs] modify port 80 to $HTTP_PORTS ? (snort233b14)

rmkml rmkml at ...324...
Fri Jul 29 08:39:28 EDT 2005


Hi,

on sid 106,283,311,488,619,1436,1437,1439,1440,1545,1832,2489,2490,2550

modify 80 to $HTTP_PORTS ?


example sid 106 :
  backdoor.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET 1054 
(msg:"BACKDOOR ACKcmdC trojan scan"; flow:stateless; ack:101058054; flags:A,12; 
seq:101058054; reference:arachnids,445; classtype:misc-activity; sid:106; 
rev:9;)

Regards
Rmkml




More information about the Snort-sigs mailing list