[Snort-sigs] Crusoe Researches offer new rule for detecting last NTP mode (7) private request

rmkml rmkml at ...324...
Thu Dec 10 00:33:27 EST 2009


Hi,

Crusoe Researches is offering a new rule for detecting last NTP mode (7) private request:
   http://www.Crusoe-Researches.com/en/ntprequestmode7privateuse.txt
Remember to adjust the src/dst IP/port variables!

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 4325 UNIQ 'snort' rules for Commercial Access
              (Contact me directly if you are interested)

Crusoe Researches supports Bro IDPS v1.5.0prerelease project format rules (http://www.bro-ids.org/):
Without a specific signature, Bro detects malformed (truncated) NTP requests!

Azwalaro, a new NIDPS open source project (Wireshark based)
   http://www.Crusoe-Researches.com/azwalaro/
   azwalaro at ...3281...
ntppriv.flags.r == 0 and (ntp.flags.vn >= 1 and ntp.flags.vn <= 4)

Happy Detect
Regards
Rmkml
Crusoe-Researches.com
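
The conditions named in the message above (mode 7, response bit clear, version 1 to 4, truncated requests) applied to raw UDP/123 payloads, as an added example that is not the Crusoe Researches rule or code from this post. It assumes the 8-byte private-mode header layout used by ntpd (response/more/version/mode byte, auth/sequence, implementation, request code, two 16-bit fields); the function names and sample payloads are constructed for illustration.

```python
from typing import NamedTuple, Optional

REQ_HEADER_LEN = 8  # assumed fixed header: 4 single-byte fields + 2 16-bit fields

class Mode7Header(NamedTuple):
    response: bool                 # R bit: False = request, True = response
    more: bool                     # M bit
    version: int                   # 3-bit version number
    implementation: Optional[int]  # None when the packet is too short to carry it
    request_code: Optional[int]

def parse_mode7(payload: bytes) -> Optional[Mode7Header]:
    """Return the mode 7 header fields, or None if the payload is not mode 7."""
    if not payload or payload[0] & 0x07 != 7:
        return None
    first = payload[0]
    impl = payload[2] if len(payload) > 2 else None
    req = payload[3] if len(payload) > 3 else None
    return Mode7Header(bool(first & 0x80), bool(first & 0x40),
                       (first >> 3) & 0x07, impl, req)

def classify(payload: bytes) -> str:
    """Verdict for one UDP/123 payload (hypothetical verdict strings)."""
    hdr = parse_mode7(payload)
    if hdr is None:
        return "not-mode7"
    if hdr.response:
        return "mode7-response"
    if not 1 <= hdr.version <= 4:
        return "mode7-request-bad-version"
    if len(payload) < REQ_HEADER_LEN:
        return "mode7-request-truncated"
    return "mode7-request"

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "client": bytes([0x23]) + bytes(47),                          # VN 4, mode 3
    "private_req": bytes([0x17, 0x00, 0x03, 0x00, 0, 0, 0, 0]),   # VN 2, mode 7
    "private_resp": bytes([0x97, 0x00, 0x03, 0x00, 0, 0, 0, 0]),  # R bit set
    "truncated": bytes([0x17]),                                   # header cut short
    "version0": bytes([0x07, 0x00, 0x03, 0x00, 0, 0, 0, 0]),      # VN 0, mode 7
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:13s} {classify(data)}")
```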