[Snort-sigs] Has a rule been created for this?

evilghost at ...3397... evilghost at ...3397...
Tue Apr 13 12:39:48 EDT 2010


PHP is server-side, what behavior were you wanting to alert on 
specifically? Best I can figure you want to detect on upload of this 
file to an HTTPd, correct?

-evilghost

Adam Richards wrote:
> I have been seeing this obfuscated php file around a lot lately and I
> wasn't sure if there was a rule yet for it. There are a few unique
> strings in it that we can look for. 
> http://webcache.googleusercontent.com/search?q=cache:MyKUomVp7rQJ:forums.devnetwork.net/viewtopic.php%3Ff%3D34%26t%3D88942+L0oZuRpAnTz&cd=1&hl=en&ct=clnk&gl=us
>
>
> Adam Richards,CISSP | CEH



