[Snort-sigs] Snort Community Rules Update
research at ...435...
Thu Oct 20 13:14:52 EDT 2005
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000169-100000174.
They cover buffer overflow attacks against the GFI MailSecurity
Management Host, the Lynx browser, and the RSA WebAgent for IIS, as well
as scans by the Amap service fingerprinting tool.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
A list of new rules and their SIDs follows.
Community Rules Maintainer
100000169 || WEB-ATTACKS Amap fingerprint attempt
100000170 || COMMUNITY WEB-ATTACKS GFI MailSecurity Management Host
Overflow Attempt Long Host Parameter
100000171 || COMMUNITY WEB-ATTACKS GFI MailSecurity Management Host
Overflow Attempt Long Accept Parameter
100000172 || COMMUNITY NNTP Lynx overflow attempt
100000173 || COMMUNITY WEB-IIS RSA WebAgent Redirect Overflow attempt
100000174 || COMMUNITY WEB-IIS RSA WebAgent access
More information about the Snort-sigs