Hosting Provided By

[Snort-sigs] snort-rules CURRENT update @ Fri Mar 28 06:25:06 2003

From: <bmc(at)snort.org>
Date: Fri Mar 28 2003 - 06:34:32 EST

This rule update was brought to you by Oinkmaster. Written by Andreas Östling <andreaso@it.su.se>

[*] Rule modifications: [*]

[///] Modified active: [///]

     file -> web-iis.rules
     old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV exploit attempt"; flow:to_server,established; content:"HTTP/1.1|0a|Content-type|3a| text/xml|0a|HOST|3a|"; content:"Accept|3a| |2a|/|2a0a|Translate|3a| f|0a|Content-length|3a|5276|0a0a|"; distance:1; reference:cve,CAN-2003-0109; reference:bugtraq,7716; sid:2090; rev:1;)
     new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV exploit attempt"; flow:to_server,established; content:"HTTP/1.1|0a|Content-type|3a| text/xml|0a|HOST|3a|"; content:"Accept|3a| |2a|/|2a0a|Translate|3a| f|0a|Content-length|3a|5276|0a0a|"; distance:1; reference:cve,CAN-2003-0109; reference:bugtraq,7716; classtype:attempted-admin; sid:2090; rev:2;)
     old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV nessus safe scan attempt"; flow:to_server,established; content:"SEARCH / HTTP/1.1|0d0a|Host|3a|"; content:"|0d0a0d0a|"; within:255; reference:cve,CAN-2003-0109; reference:bugtraq,7116; reference:nessus,11412; sid:2091; rev:1;)
     new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WEBDAV nessus safe scan attempt"; flow:to_server,established; content:"SEARCH / HTTP/1.1|0d0a|Host|3a|"; content:"|0d0a0d0a|"; within:255; reference:cve,CAN-2003-0109; reference:bugtraq,7116; reference:nessus,11412; classtype:attempted-admin; sid:2091; rev:2;)

[*] Non-rule changes: [*]

[+++] Added lines: [+++]

-> File "snort.conf":

       # Use one or more syslog facilities as arguments.  Win32 can also
       # optionally specify a particular hostname/port.  Under Win32, the
       # default hostname is 'localhost', and the default port is 514.
       # [Unix flavours should use this format...]
       # [Win32 can use any of these formats...]
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related snort.org Links
snort-announce
snort-cvsinfo
snort-devel
snort-sigs
snort-users
Request more information about Pantek
       # output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
       # output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT

  [---]      Removed lines:      [---]


    -> File "snort.conf":


       # Use one or more syslog facilities as arguments



-------------------------------------------------------

This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Mar 28 07:12:52 2003

This message: [ Message body ]
Next message: rmkml: "Re: [Snort-sigs] Submitt new rules"
Previous message: Brian: "Re: [Snort-sigs] Re: [Snort-users] SID 1545: DOS Cisco attempt"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT

Do you need more help?