[Snort-sigs] Crusoe Researches offer new rule for detecting Safari Windows file: DoS

rmkml rmkml at ...324...
Tue Apr 22 07:07:21 EDT 2008


Hi,

Crusoe Researches offering a new rule for detecting Safari Windows DoS:
  http://www.Crusoe-Researches.com/en/safariwindowsfiledos.txt

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 2806 UNIQ 'snort' rules for Commercial Access
         (Contact me directly if you are interested)

Crusoe Researches support Bro idps v1.3.25 project format rules 
(http://www.bro-ids.org/):
signature sid-92806 {
   ip-proto == tcp
   event "WEB-CLIENT Safari file:// and % attempt"
   tcp-state established,responder
   http-body /.*[^a-zA-Z0-9][fF][iI][lL][eE]\:\/\/(.){0,2}\%/
   }


Azwalaro new nidps open source project (WireShark based)
  http://www.Crusoe-Researches.com/azwalaro/
  azwalaro at ...3281...
  http matches "(?i)[^a-z0-9]file://(.){0,2}%"

Regards
Rmkml
Crusoe-Researches.com




More information about the Snort-sigs mailing list