[Snort-users] rule question

cdowns cdowns at ...1892...
Tue Sep 25 08:47:04 EDT 2001

I have created this rule for one of my IDS boxes, but there is something
wrong. Does anyone see what could be wrong with this? I'm overlooking
something simple, I'm sure.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC
Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/";
flags:A+; class


 Network Security Administrator
     Christopher M Downs
    Skillsoft Corporation
"you can't point and click your
 way to super cracker status -"
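A structural check applied to the rule quoted above, as an added example that is not part of the original post: it reports an unclosed option block, a missing final semicolon, unbalanced double quotes, and string options whose value is not quoted. The name `lint_rule` and the `WELL_FORMED` comparison rule are constructed for illustration; `POSTED_RULE` is the rule text as it appears in the archive, truncation included.

```python
import re

# Rule text exactly as archived in the post (it is cut off after "class").
POSTED_RULE = r'''alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC
Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/";
flags:A+; class'''

# Constructed comparison rule (not from the post), structurally complete.
WELL_FORMED = ('alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 '
               '(msg:"constructed sample"; uricontent:"/sample/"; '
               'flags:A+; sid:1000001;)')

# Options that take a quoted string; a leading '!' (negated content) is allowed.
# Heuristic: it does not know whether a match sits inside another quoted value.
UNQUOTED_VALUE = re.compile(r'\b(msg|content|uricontent)\s*:\s*(?![!"\s])')

def lint_rule(rule: str) -> list[str]:
    """Return the structural problems found in one Snort rule ([] if none)."""
    problems = []
    text = " ".join(rule.split())               # join lines wrapped by the mailer
    start = text.find("(")
    if start == -1:
        return ["no option block: '(' not found after the rule header"]
    header = text[:start].split()
    if len(header) != 7 or header[4] not in ("->", "<>"):
        problems.append("header is not 'action proto src sport -> dst dport'")
    body = text[start + 1:].rstrip()
    if body.endswith(")"):
        body = body[:-1].rstrip()
    else:
        problems.append("option block is not closed with ')'")
    if not body.endswith(";"):
        problems.append("last option is not terminated with ';'")
    quotes = len(re.findall(r'(?<!\\)"', body))  # ignore backslash-escaped quotes
    if quotes % 2:
        problems.append(f"odd number of double quotes ({quotes})")
    for match in UNQUOTED_VALUE.finditer(body):
        problems.append(f"{match.group(1)} value does not start with a double quote")
    return problems

if __name__ == "__main__":
    for name, rule in (("posted", POSTED_RULE), ("well-formed", WELL_FORMED)):
        print(name, lint_rule(rule) or "no structural problems")
```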
