[Snort-users] rule question

cdowns cdowns at ...1892...
Tue Sep 25 08:47:04 EDT 2001


I have created this rule for one of my IDS boxses but there is something
wrong does anyone see what could be wrong with this ? im overlooking
something simple im sure.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC
Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/";
flags:A+; class
type:attempted-admin;)

thanks
-D

--
--------------------------------
 Network Security Administrator
     Christopher M Downs
    Skillsoft Corporation
  http://www.skillsoft.com
"you can't point and click your
 way to super cracker status -"
--------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010925/d54eb95e/attachment.html>


More information about the Snort-users mailing list