[Snort-sigs] snort-rules CURRENT update @ Wed Mar 26 17:04:05 2003
This rule update was brought to you by Oinkmaster.
Written by Andreas Östling <andreaso@it.su.se>
[*] Non-rule changes: [*]
[+++] Added lines: [+++]
-> File "snort.conf":
# http://www.snort.org Snort 2.0.0 Ruleset
# Stop Alerts on invalid ip options
# config: disable_ipopt_alerts
# Detects Back Orifice traffic on the network. Takes no arguments in 2.0.
preprocessor bo
# preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 3000
# Portscan 2, detect portscans in a new and exciting way. You must enable
# spp_conversation in order to use this preprocessor.
#preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60
# Too many false alerts from portscan2? Tone it down with
# portscan2-ignorehosts!
# A space delimited list of addresses in CIDR notation to ignore
# preprocessor portscan2-ignorehosts: 10.0.0.0/8 192.168.24.0/24
-> File "gen-msg.map":
116 || 4 || snort_decoder: Bad IPv4 Options
116 || 5 || snort_decoder: Truncated IPv4 Options
116 || 55 || snort_decoder: Truncated Tcp Options
116 || 58 || snort_decoder: Experimental TCP options
116 || 120 || snort_decoder: WARNING: Bad PPPOE frame detected!
116 || 130 || snort_decoder: WARNING: Bad VLAN Frame!
116 || 131 || snort_decoder: WARNING: Bad LLC header!
116 || 132 || snort_decoder: WARNING: Bad Extra LLC Info!
116 || 133 || snort_decoder: WARNING: Bad 802.11 LLC header!
116 || 134 || snort_decoder: WARNING: Bad 802.11 Extra LLC Info!
116 || 140 || snort_decoder: WARNING: Bad Token Ring Header!"
116 || 141 || snort_decoder: WARNING: Bad Token Ring ETHLLC Header!"
116 || 142 || snort_decoder: WARNING: Bad Token Ring MRLEN Header!"
116 || 143 || snort_decoder: WARNING: Bad Token Ring MR Header!
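Review bot: The added gen-msg.map entries for SIDs 140, 141 and 142 end with a stray double quote after the exclamation mark (for example `Bad Token Ring Header!"`), while 143 and the other new entries do not. This same update removes a trailing quote from the `116 || 55` entry, so these three look like the same typo left in place. Suggest dropping the trailing quote on all three so that alert messages resolved from the map do not carry it into logs and downstream parsers.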
[---] Removed lines: [---]
-> File "snort.conf":
# http://www.snort.org Snort 1.9.0 Ruleset
# NOTE:This ruleset only works for 1.9.0 and later
preprocessor bo: -nobrute
# ASN1 Decode
#-----------------------------------------
# This is an experimental preprocessor. ASN.1 decoder and analysis plugin
# from Andrew R. Baker. This preprocessor will detect abuses of the ASN.1
# protocol that higher level protocols (like SSL, SNMP, x.509, etc) rely on.
# The ASN.1 decoder uses Generator ID 115 and uses the following SIDs for
# that GID:
# 1 Indefinite length
# 2 Invalid length
# 3 Oversized item
# 4 ASN.1 specification violation
# 5 Dataum bad length
# preprocessor asn1_decode
# Fnord
#-----------------------------------------
# This is an experimental preprocessor. Polymorphic shellcode analyzer and
# detector by Dragos Ruiu. This preprocessor will watch traffic for
# polymorphic NOP-type sleds to defeat tools like ADMutate. The Fnord detector
# uses Generator ID 114 and the following SIDs:
# 1 NOP-sled detected
# preprocessor fnord
#preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
# Portscan 2, detect portscans in a new and exciting way.
#preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60
-> File "gen-msg.map":
116 || 55 || snort_decoder: Truncated Tcp Options"
116 || 58 || snort_decoder: Experimental TCP options
Received on Wed Mar 26 17:48:00 2003