[Snort-sigs] new rule for detect Hasbani-WindWeb GET DoS

rmkml rmkml at ...324...
Fri Oct 28 07:25:05 EDT 2005


Hi,

please check and add this new rule :

web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"WEB-MISC Hasbani-WindWeb GET DoS attempt"; 
flow:to_server,established; uricontent:"..\:..\:..\:.."; 
reference:bugtraq,15225; reference:nessus,20097; )

This rule detect exploit on Hasbani-WindWeb GET DoS,
another sid detect this long uri :
  (http_inspect) OVERSIZE REQUEST-URI DIRECTORY

Improve are welcome.

Regards





More information about the Snort-sigs mailing list