[Snort-sigs] Snort Community Rules Update

Alex Kirk alex.kirk at ...435...
Thu Oct 13 09:45:30 EDT 2005


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000165-100000168. 
They cover a buffer overflow attack against the Sentinel License Manager 
and a denial of service attack against Oracle databases, and provide 
detection for two vectors of the Hydra password-cracking tool.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000165 || COMMUNITY EXPLOIT Sentinel LM exploit
100000166 || COMMUNITY ORACLE TNS Listener shutdown via iSQLPlus attempt
100000167 || COMMUNITY SMTP Hydra Activity Detected
100000168 || COMMUNITY WEB-ATTACKS Hydra Activity Detected




More information about the Snort-sigs mailing list