[Snort-sigs] flowbits: acunetix.scanner
wkitty42 at ...3507...
Wed May 29 10:57:47 EDT 2013
there is no check rule in the *.rules files for flowbits: acunetix.scanner...
registered subscriber using latest rules pulled 26 May 2013 for
,,_ -*> Snort! <*-
o" )~ Version 126.96.36.199 GRE (Build 69)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 7.8 2008-09-05
Using ZLIB version: 1.2.6
May 26 04:25:44 frodo snort: WARNING: flowbits key 'acunetix.scanner' is
set but not ever checked.
$ grep -E "acunetix.scanner" /path/to/snort/*rules*/*.rules
/path/to/snort/rules/app-detect.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET
$HTTP_PORTS (msg:"APP-DETECT Acunetix web vulnerability scan attempt";
flow:to_server,established; content:"Acunetix-"; fast_pattern:only; http_header;
flowbits:set,acunetix.scanner; metadata:service http;
reference:url,www.acunetix.com; classtype:web-application-attack; sid:25358; rev:1;)
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-sigs