[Snort-sigs] Crusoe Researches offer new rule for detecting Safari Windows file: DoS

Ureleet ureleet at ...2420...
Thu Apr 24 17:38:00 EDT 2008


whoop.  yeah, what paul said

On Tue, Apr 22, 2008 at 5:26 PM, Paul Melson <pmelson at ...2420...> wrote:

> s/HTTP_SERVERS/HOME_NET/g
>
> PaulM
>
> On Tue, Apr 22, 2008 at 7:07 AM, rmkml <rmkml at ...324...> wrote:
> > Hi,
> >
> >  Crusoe Researches offering a new rule for detecting Safari Windows DoS:
> >   http://www.Crusoe-Researches.com/en/safariwindowsfiledos.txt
> >
> >  Credits:
> >  Crusoe Researches
> >  http://www.Crusoe-Researches.com
> >  contact at ...3281...
> >  => Crusoe Researches have more than 2806 UNIQ 'snort' rules for Commercial Access
> >          (Contact me directly if you are interested)
> >
> >  Crusoe Researches support Bro idps v1.3.25 project format rules
> >  (http://www.bro-ids.org/):
> >  signature sid-92806 {
> >    ip-proto == tcp
> >    event "WEB-CLIENT Safari file:// and % attempt"
> >    tcp-state established,responder
> >    http-body /.*[^a-zA-Z0-9][fF][iI][lL][eE]\:\/\/(.){0,2}\%/
> >    }
> >
> >
> >  Azwalaro new nidps open source project (WireShark based)
> >   http://www.Crusoe-Researches.com/azwalaro/
> >   azwalaro at ...3281...
> >   http matches "(?i)[^a-z0-9]file://(.){0,2}%"
> >
> >  Regards
> >  Rmkml
> >  Crusoe-Researches.com
> >
> >
> >  _______________________________________________
> >  Snort-sigs mailing list
> >  Snort-sigs at lists.sourceforge.net
> >  https://lists.sourceforge.net/lists/listinfo/snort-sigs
> >
>
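
Added example, not part of the original thread: a Python harness that runs the two regular expressions quoted above (the Bro `http-body` pattern and the Azwalaro `http matches` pattern) over constructed HTTP bodies to show where they alert and where they stay silent. The sample bodies and function names are assumptions made for illustration, and the results reflect Python's `re` engine, which may differ in detail from the engine inside each IDS.

```python
import re

# Patterns copied from the post; only the surrounding delimiters are dropped.
BRO_HTTP_BODY = re.compile(r".*[^a-zA-Z0-9][fF][iI][lL][eE]\:\/\/(.){0,2}\%")
AZWALARO_HTTP = re.compile(r"(?i)[^a-z0-9]file://(.){0,2}%")

# Constructed HTTP response bodies (not captured traffic).
SAMPLES = {
    # '%' directly after the scheme, preceded by a quote: both alert.
    "quoted_uri": '<a href="file://%41">x</a>',
    # Upper-case scheme and a two-character gap before '%': both alert.
    "two_char_gap": "<img src='FILE://ab%'>",
    # Three characters before '%' exceeds (.){0,2}: no alert.
    "three_char_gap": '<a href="file://abc%41">x</a>',
    # "file" preceded by an alphanumeric character: no alert.
    "alnum_prefix": "profile://%20",
    # Nothing precedes the scheme, so [^a-z0-9] has nothing to consume: no alert.
    "body_starts_with_uri": "file://%41",
    # Ordinary local-file link without '%': no alert.
    "plain_file_uri": '<a href="file:///C:/docs/readme.txt">',
    # The match is purely syntactic: a percent-encoded path also alerts.
    "encoded_path": '<a href="file://C:%5Cdocs">',
}


def evaluate(body):
    """Return (bro_hit, azwalaro_hit) for one HTTP body."""
    return (BRO_HTTP_BODY.search(body) is not None,
            AZWALARO_HTTP.search(body) is not None)


def run_samples():
    """Evaluate every constructed sample and return name -> (bro, azwalaro)."""
    return {name: evaluate(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, (bro, azw) in run_samples().items():
        print(f"{name:22} bro={bro!s:5} azwalaro={azw!s:5}")
```
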