[Snort-sigs] Crusoe Researches offer new rule for detecting Sun Web Proxy Server http Vary header overflow attempt!

rmkml rmkml at ...324...
Sun Nov 9 17:10:16 EST 2008


Hi,

Crusoe Researches offering a new rule for detecting Sun Web Proxy Server http Vary header overflow attempt:
http://www.Crusoe-Researches.com/en/sunwebproxyserverhttpvaryheaderoverflow.txt
remember to adjust the src port!

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 3589 UNIQ 'snort' rules for Commercial Access
           (Contact me directly if you are interested)

Crusoe Researches support Bro idps v1.4.0 project format rules
(http://www.bro-ids.org/):
signature sid-93588 {
   ip-proto == tcp
   src-port == http_ports
   event "WEB-CLIENT Sun Web Proxy Server Vary header overflow attempt"
   tcp-state established,responder
   payload /.*[\x0d|\x0a]Vary\:[^\n]{100}/
   }

Azwalaro new nidps open source project (WireShark based)
   http://www.Crusoe-Researches.com/azwalaro/
   azwalaro at ...3281...
   http matches "^Vary\:[^\r\n]{100}"

Regards
Rmkml
Crusoe-Researches.com




More information about the Snort-sigs mailing list