[Snort-sigs] New rule for detect Lynx nntp overflow

rmkml rmkml at ...324...
Wed Oct 19 09:26:27 EDT 2005


Hi,

Please check and add this new rule :

nntp.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"NNTP Lynx overflow attempt";
flow:to_server,established; content:"Subject"; nocase; 
pcre:"/^Subject\x3a[^\n]{100,}/smi"; reference,2005-3120;
reference,bid:15117; reference,osvdb:20019; reference,nessus:20035; 
classtype:attempted-admin; )

Regards
Rmkml




More information about the Snort-sigs mailing list