[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Thu Oct 20 13:14:52 EDT 2005


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000169-100000174. 
They cover buffer overflow attacks against the GFI MailSecurity 
Management Host, the Lynx browser, and the RSA WebAgent for IIS, as well 
as scans by the Amap service fingerprinting tool.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000169 || WEB-ATTACKS Amap fingerprint attempt
100000170 || COMMUNITY WEB-ATTACKS GFI MailSecurity Management Host 
Overflow Attempt Long Host Parameter
100000171 || COMMUNITY WEB-ATTACKS GFI MailSecurity Management Host 
Overflow Attempt Long Accept Parameter
100000172 || COMMUNITY NNTP Lynx overflow attempt
100000173 || COMMUNITY WEB-IIS RSA WebAgent Redirect Overflow attempt
100000174 || COMMUNITY WEB-IIS RSA WebAgent access




More information about the Snort-sigs mailing list