[Snort-sigs] maybe rename msg on sid 1451 ?

rmkml rmkml at ...324...
Wed Jan 27 06:28:37 EST 2010


Hi,
Look at sid 1451:
  alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access"; flow:to_server,established; uricontent:"/nph-maillist.pl"; nocase; metadata:service http; reference:bugtraq,2563; reference:cve,2001-0400; reference:nessus,10164; classtype:attempted-recon; sid:1451; rev:8;)
Maybe rename msg to "WEB-CGI NPH-maillist access"?

And another sid contains the same msg but not the same uricontent:
  alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access"; flow:to_server,established; uricontent:"/nph-publish"; nocase; reference:cve,1999-1177; reference:nessus,10164; classtype:attempted-recon; sid:830; rev:9;) 
Regards
Rmkml
Crusoe-Researches.com
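
Added example (not part of the original post, and not Snort project code): a small Python lint over the two rules quoted above. It reports msg strings shared by rules with different uricontent, and flags rules whose msg does not mention the uricontent file name. The function names and the file-name heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The two rules quoted in the post above, copied as posted.
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access"; flow:to_server,established; uricontent:"/nph-maillist.pl"; nocase; metadata:service http; reference:bugtraq,2563; reference:cve,2001-0400; reference:nessus,10164; classtype:attempted-recon; sid:1451; rev:8;)',
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access"; flow:to_server,established; uricontent:"/nph-publish"; nocase; reference:cve,1999-1177; reference:nessus,10164; classtype:attempted-recon; sid:830; rev:9;)',
]

# Matches "name:value;" options; a quoted value may contain ';' or escaped quotes.
# Flag-style options without a value (e.g. "nocase;") are skipped.
OPTION_RE = re.compile(r'(\w+):\s*("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_options(rule):
    """Return {option_name: [values]} for the option block of one rule."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    opts = defaultdict(list)
    for name, value in OPTION_RE.findall(body):
        opts[name].append(value.strip().strip('"'))
    return opts

def duplicate_msgs(rules):
    """Map each msg shared by rules with different uricontent to their sids."""
    by_msg = defaultdict(dict)
    for rule in rules:
        o = parse_options(rule)
        by_msg[o['msg'][0]][int(o['sid'][0])] = tuple(o['uricontent'])
    return {m: sorted(s) for m, s in by_msg.items()
            if len(set(s.values())) > 1}

def msg_uri_mismatch(rules):
    """Heuristic (assumption): flag sids whose msg lacks the uricontent file stem."""
    flagged = []
    for rule in rules:
        o = parse_options(rule)
        msg = o['msg'][0].lower()
        # "/nph-maillist.pl" -> "nph-maillist"
        stems = [u.rsplit('/', 1)[-1].split('.')[0].lower()
                 for u in o['uricontent']]
        if stems and not any(s and s in msg for s in stems):
            flagged.append(int(o['sid'][0]))
    return flagged

if __name__ == '__main__':
    print('shared msg:', duplicate_msgs(RULES))
    print('msg/uricontent mismatch:', msg_uri_mismatch(RULES))
```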



