[Snort-sigs] new snort rule for detect last finger solaris 7-9 vulnerability !

rmkml rmkml at ...324...
Mon Aug 13 15:30:30 EDT 2007


Hi,

please check and maybe add this new rule :

alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER single digit list all accounts attempt"; flow:to_server,established; dsize:1; pcre:"/\d/"; reference:cve,2007-4310; classtype:attempted-recon; sid:92131; rev:1;)

Any suggestions and improvements are welcome,

Credits:
  Crusoe Researches
  http://www.Crusoe-Researches.com
  contact at ...3281...
=> Crusoe Researches have created more than 2132 UNIQ 'snort' rules for Commercial Access
      (Contact me directly if you are interested)

Azwalaro new nidps open source project
  http://www.Crusoe-Researches.com/azwalaro/
  azwalaro at ...3281...

Regards
Rmkml




More information about the Snort-sigs mailing list