[Snort-users] Meaning of exploit logs

Chris Green cmg at ...671...
Tue Jun 12 20:09:49 EDT 2001


"Jason Oakley" <JOakley at ...2247...> writes:

> Hi.
> 
> Where can I find the exact descriptions for, eg. "WEB-CGI redirect access".  Is there a central storage location? It would be handy if there was because probably not every security website would call the exploit/vulnerability the same thing.  I've done searches to try and find out what the above means and so far (after looking on many sites and about 10 search engines) have turned up not much at all.
>

Snort CVS helps with this a great deal by having helpful reference
tags. Having a checkout on hand is worth it even if you are just
poking to see what is up with the rulesets that Brian has been
actively cleaning up.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-CGI redirect access";flags: A+; uricontent:"/redirect"; nocase;reference:bugtraq,1179; classtype:attempted-recon;)

Note the reference:

bugtraq 1179

maps to

http://www.securityfocus.com/bid/1179

sp_reference.h will give you the list of what references map to what
URLs.
-- 
Chris Green <cmg at ...671...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod
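
Added example (not part of the original message and not Snort's own code): a small Python parser that pulls the msg, classtype and reference tags out of a rule like the one quoted above and resolves each reference to a URL, so an alert name in a log can be traced back to its advisory. The function names are hypothetical, and the prefix table holds only the bugtraq mapping given in the message.

```python
# Reference-system URL prefixes. Only the bugtraq mapping is stated in the
# message above; other systems are left unresolved rather than guessed.
REFERENCE_URLS = {"bugtraq": "http://www.securityfocus.com/bid/"}

# Sample input: the rule quoted in the message, joined onto one line.
RULE = ('alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 '
        '(msg:"WEB-CGI redirect access";flags: A+; uricontent:"/redirect"; '
        'nocase;reference:bugtraq,1179; classtype:attempted-recon;)')


def split_options(rule):
    """Split the option block into (keyword, value) pairs; ';' in quotes is literal."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        raise ValueError("rule has no option block")
    options, buf, quoted, escaped = [], [], False, False
    for ch in rule[start + 1:end] + ";":
        if escaped or ch == "\\":
            escaped = not escaped      # a backslash protects the next character
            buf.append(ch)
        elif ch == ";" and not quoted:
            key, _, value = "".join(buf).strip().partition(":")
            if key:
                options.append((key.strip().lower(), value.strip()))
            buf = []
        else:
            if ch == '"':
                quoted = not quoted
            buf.append(ch)
    if quoted:
        raise ValueError("unterminated quoted value")
    return options


def describe(rule):
    """Return the alert's msg, classtype and its references with URLs."""
    info = {"msg": None, "classtype": None, "references": []}
    for key, value in split_options(rule):
        if key in ("msg", "classtype"):
            info[key] = value.strip('"')
        elif key == "reference":
            system, _, ref_id = (part.strip() for part in value.partition(","))
            prefix = REFERENCE_URLS.get(system.lower())
            url = prefix + ref_id if prefix else None  # None: unknown system
            info["references"].append((system, ref_id, url))
    return info


if __name__ == "__main__":
    print(describe(RULE))
```

A reference whose system is not in the table comes back with a URL of None, so unmapped tags are visible instead of silently dropped.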



