[Snort-users] more on problems with Files/rule_breakout/*

Phil Wood cpw at ...440...
Mon Jan 22 20:21:04 EST 2001


Folks,

This is probably old news but, ...

The rule files beta and false need some attention:

diff beta.hog*
25c25
< (msg:"BETA - Connection to Cold Fusion Admin"; content:"//cfide//administrator//index.cfm"; nocase;) 
---
> alert tcp $EXTERNAL any -> $INTERNAL 80 (msg:"BETA - Connection to Cold Fusion Admin"; content:"//cfide//administrator//index.cfm"; nocase;) 
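
Review bot: the content string on the new line 25 of beta.hog, "//cfide//administrator//index.cfm", keeps the doubled slashes from the old line, and content is matched as literal bytes, so as written the rule only fires on a request that contains the doubled slashes; if the single-slash path is what is meant, fix the string in the same change. The added header also uses $EXTERNAL as the source while the false.hog rule below writes !$INTERNAL, and it carries no flags:PA; option where that rule does; make the two consistent or note why they differ.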

diff false.hog*
5c5
< alert tcp !$INTERNAL any -> $INTERNAL 80 (msg:"High False Rule - WEB-CGI-query";flags:PA; content:"cgi-bin/query"; nocase) 
---
> alert tcp !$INTERNAL any -> $INTERNAL 80 (msg:"High False Rule - WEB-CGI-query";flags:PA; content:"cgi-bin/query"; nocase;) 
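
Review bot: style point on line 5 of false.hog: with nocase now terminated by a semicolon, the remaining irregularity is msg:"High False Rule - WEB-CGI-query";flags:PA; which has no space after the semicolon while the other options on the line do; adding one keeps the option list uniform. Since the old line ended in nocase) with no terminator, the other rules in this file deserve a check for the same omission.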


Thanks,

Phil



