[Snort-sigs] Crusoe Researches offer new rule for detecting Safari Windows file: DoS

Paul Melson pmelson at ...2420...
Tue Apr 22 17:26:56 EDT 2008


s/HTTP_SERVERS/HOME_NET/g

PaulM

On Tue, Apr 22, 2008 at 7:07 AM, rmkml <rmkml at ...324...> wrote:
> Hi,
>
>  Crusoe Researches offering a new rule for detecting Safari Windows DoS:
>   http://www.Crusoe-Researches.com/en/safariwindowsfiledos.txt
>
>  Credits:
>  Crusoe Researches
>  http://www.Crusoe-Researches.com
>  contact at ...3281...
>  => Crusoe Researches have more than 2806 UNIQ 'snort' rules for Commercial Access
>          (Contact me directly if you are interested)
>
>  Crusoe Researches support Bro idps v1.3.25 project format rules
>  (http://www.bro-ids.org/):
>  signature sid-92806 {
>    ip-proto == tcp
>    event "WEB-CLIENT Safari file:// and % attempt"
>    tcp-state established,responder
>    http-body /.*[^a-zA-Z0-9][fF][iI][lL][eE]\:\/\/(.){0,2}\%/
>    }
>
>
>  Azwalaro new nidps open source project (WireShark based)
>   http://www.Crusoe-Researches.com/azwalaro/
>   azwalaro at ...3281...
>   http matches "(?i)[^a-z0-9]file://(.){0,2}%"
>
>  Regards
>  Rmkml
>  Crusoe-Researches.com
>
>  -------------------------------------------------------------------------
>  This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>  Don't miss this year's exciting event. There's still time to save $100.
>  Use priority code J8TL2D2.
>  http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>  _______________________________________________
>  Snort-sigs mailing list
>  Snort-sigs at lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list