[Snort-sigs] New rule for detect ftp MKD overflow

rmkml rmkml at ...324...
Tue Oct 11 06:59:16 EDT 2005


Hi,

Please check and add this rule :

ftp.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP MKD 
overflow attempt"; content:"MKD"; nocase; pcre:"/^MKD\s[^\n]{100}/smi";
reference:bugtraq,11772; classtype:attempted-admin;)

Regards
Rmkml





More information about the Snort-sigs mailing list