[Snort-users] unknown attack

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Tue Mar 5 13:21:10 EST 2002


Does anyone know anything about this rule? I just upgraded Snort to 1.9dev
and am noticing this alert occasionally. I can't seem to find any info on
this. 

Is there a good place where I can look these up? I noticed whitehats is no
longer there......


WEB-ATTACKS id command attempt

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-ATTACKS id command
attempt"; flags:A+; content:"\;id";nocase; sid:1333; rev:1;
classtype:web-application-attack;)




More information about the Snort-users mailing list