|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [Snort-sigs] WebDAV nessus script?
From: Frank Knobbe <fknobbe(at)knobbeits.com>
Date: Tue Mar 18 2003 - 21:54:32 EST
This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigsReceived on Tue Mar 18 22:28:47 2003
Date: Tue Mar 18 2003 - 21:54:32 EST
On Tue, 2003-03-04 at 19:41, Brian wrote:
> If you arn't using WEBDAV, you probably want to enable the rules Frank
Holy carp. So GET is in again? I thought the exploit didn't work on it? Oh well, yeah, don't enable the log rules on GET. You might as well run tcpdump's instead :)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"IIS-WebDAV Exploit";
flow:established,to_server;content:!"/";offset:14; within:1000;)
It still triggers on partial packets though. Probably needs a session; or something...
Later,
Frank
This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
- application/pgp-signature attachment: This is a digitally signed message part
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |