rpc.rules

Folder: Intrusion detection system: example of using it together with MySQL on Linux
# $Id: rpc.rules,v 1.13 2001/07/29 16:36:35 cazz Exp $
#----------
# RPC RULES
#----------
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC snmpXdmi overflow attempt"; flags:a+; content:"|8000 19a0|"; offset:0; depth:4; content:"|00018799|"; offset: 16; reference:bugtraq,2417; reference:cve,CAN-2001-0236; classtype:attempted-admin; sid:569; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC EXPLOIT ttdbserv solaris overflow"; content: "|C0 22 3F FC A2 02 20 09 C0 2C 7F FF E2 22 3F F4|"; flags: A+; dsize: >999; reference:bugtraq,122; reference:cve,CVE-1999-0003; reference:arachnids,242; classtype:attempted-admin; sid:570; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC EXPLOIT ttdbserv Solaris overflow"; flags: A+; dsize: >999; content: "|00 01 86 F3 00 00 00 01 00 00 00 0F 00 00 00 01|"; reference:bugtraq,122; reference:cve,CVE-1999-0003; reference:arachnids,242; classtype:attempted-admin; sid:571; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC DOS ttdbserv solaris"; flags: A+; content: "|00 01 86 F3 00 00 00 01 00 00 00 0F 00 00 00 01|";offset: 16; depth: 32; reference:bugtraq,122; reference:arachnids,241; reference:cve,CVE-1999-0003; classtype:attempted-dos; sid:572; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 634:1400 (msg:"RPC AMD Overflow"; flags: A+; content: "|80 00 04 2C 4C 15 75 5B 00 00 00 00 00 00 00 02|";depth: 32; reference:arachnids,217; classtype:attempted-admin; sid:573; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771: (msg:"RPC NFS Showmount"; flags: A+; content: "|00 01 86 A5 00 00 00 01 00 00 00 05 00 00 00 01|"; offset: 16; depth: 32; reference:arachnids,26; classtype:attempted-recon; sid:574; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request admind"; content:"|01 86 F7 00 00|";offset:40;depth:8; reference:arachnids,18; classtype:attempted-recon; sid:575; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request amountd"; content:"|01 87 03 00 00|";offset:40;depth:8; reference:arachnids,19;classtype:attempted-recon; sid:576; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request bootparam"; content:"|01 86 BA 00 00|";offset:40;depth:8; reference:arachnids,16;classtype:attempted-recon; sid:577; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;classtype:attempted-recon; sid:578; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request mountd"; content:"|01 86 A5 00 00|";offset:40;depth:8; reference:arachnids,13;classtype:attempted-recon; sid:579; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request nisd"; content:"|01 87 cc 00 00|";offset:40;depth:8; reference:arachnids,21;classtype:attempted-recon; sid:580; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request pcnfsd"; content:"|02 49 f1 00 00|";offset:40;depth:8; reference:arachnids,22;classtype:attempted-recon; sid:581; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rexd";content:"|01 86 B1 00 00|";offset:40;depth:8; reference:arachnids,23;classtype:attempted-recon; sid:582; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rstatd"; content: "|01 86 A0 00 00|"; reference:arachnids,10;classtype:attempted-recon; sid:583; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rusers"; content:"|01 86 A2 00 00|";offset:40;depth:8; reference:arachnids,133;classtype:attempted-recon; sid:584; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request sadmind"; content:"|01 87 88 00 00|";offset:40;depth:8; reference:arachnids,20;classtype:attempted-recon; sid:585; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request selection_svc"; content:"|01 86 AF 00 00|";offset:40;depth:8; reference:arachnids,25;classtype:attempted-recon; sid:586; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request status"; content:"|01 86 B8 00 00|";offset:40;depth:8; reference:arachnids,15;classtype:attempted-recon; sid:587; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ttdbserv"; content:"|01 86 F3 00 00|";offset:40;depth:8; reference:arachnids,24;classtype:attempted-recon; sid:588; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswd"; content:"|01 86 A9 00 00|";offset:40;depth:8; reference:arachnids,14;classtype:attempted-recon; sid:589; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypserv"; content:"|01 86 A4 00 00|";offset:40;depth:8; reference:arachnids,12;classtype:attempted-recon; sid:590; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypupdated"; content:"|01 86 BC 00 00|";offset:40;depth:8; reference:arachnids,125;classtype:attempted-recon; sid:591; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 32770: (msg:"RPC rstatd query"; content:"|00 00 00 00 00 00 00 02 00 01 86 A1|";offset:5; reference:arachnids,9;classtype:attempted-recon; sid:592; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC snmpXdmi query"; rpc:100249,*,*; reference:bugtraq,2417; classtype:attempted-recon; sid:593; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC espd query"; rpc:391029,*,*; reference:cve,CAN-2001-0331; classtype:attempted-recon; sid:594; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC espd query"; rpc:391029,*,*; reference:cve,CAN-2001-0331; classtype:attempted-recon; sid:595; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap listing"; flags: A+; rpc: 100000,*,*;reference:arachnids,429; classtype:attempted-recon; sid:596; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"RPC portmap listing"; flags: A+; rpc: 100000,*,*;reference:arachnids,429; classtype:attempted-recon; sid:597; rev:1;)
alert ip $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap listing"; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:attempted-recon; sid:598; rev:1;)
alert ip $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"RPC portmap listing"; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:attempted-recon; sid:599; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC EXPLOIT statdx"; flags: A+; content: "/bin|c74604|/sh";reference:arachnids,442; classtype:attempted-admin; sid:600; rev:1;)
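The "RPC portmap request" rules above all anchor a five-byte pattern at offset 40 of the UDP payload. The following Python is an added example, not part of the rules file: it encodes a portmapper GETPORT call from the ONC RPC layout (RFC 1057) to show why the requested program number lands at byte 40, then applies the rules' content/offset/depth window to it. Assumed here: Snort's window semantics (search starts at offset and spans depth bytes), the xid and version values, and that the client sends AUTH_NULL credentials.

```python
import struct

# ONC RPC / portmapper constants (RFC 1057). All sample payloads below are constructed.
MSG_CALL, RPC_VERSION = 0, 2
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
AUTH_NULL, IPPROTO_UDP = 0, 17


def pmap_getport_call(xid, prog, vers, proto=IPPROTO_UDP):
    """Encode the UDP payload of a portmapper GETPORT call asking where program
    `prog` version `vers` listens. Credentials and verifier are AUTH_NULL with
    empty bodies, as the usual RPC client libraries send them."""
    header = struct.pack(">6I", xid, MSG_CALL, RPC_VERSION,
                         PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)   # 24 bytes
    auth = struct.pack(">4I", AUTH_NULL, 0, AUTH_NULL, 0)           # 16 bytes
    args = struct.pack(">4I", prog, vers, proto, 0)                 # port is 0 in a request
    return header + auth + args   # -> the requested program number starts at byte 40


def content_match(payload, pattern, offset=0, depth=None):
    """Snort-style content check (assumed semantics): look for `pattern` only
    inside the window payload[offset : offset + depth]."""
    end = len(payload) if depth is None else offset + depth
    return pattern in payload[offset:end]


# Byte patterns copied from three of the "RPC portmap request" rules above.
# Because the 4-byte program number is preceded by 00, the pattern starts at
# byte 41 and its trailing 00 00 overlaps the high bytes of the version field,
# which only matches while the requested version is below 65536.
PORTMAP_RULES = {
    585: ("sadmind",  bytes.fromhex("0187880000")),   # program 100232 = 0x018788
    588: ("ttdbserv", bytes.fromhex("0186F30000")),   # program 100083 = 0x0186F3
    579: ("mountd",   bytes.fromhex("0186A50000")),   # program 100005 = 0x0186A5
}


def matching_sids(payload):
    """Return the sids whose pattern fires on `payload` with offset:40; depth:8."""
    return sorted(sid for sid, (_, pat) in PORTMAP_RULES.items()
                  if content_match(payload, pat, offset=40, depth=8))


if __name__ == "__main__":
    pkt = pmap_getport_call(xid=0x1234, prog=100232, vers=10)
    print(pkt[40:48].hex(" "))   # 00 01 87 88 00 00 00 0a
    print(matching_sids(pkt))     # [585]
```

The fixed offset works because AUTH_NULL credentials have a zero-length body; the later rules that use the rpc: keyword (sid 593 to 597) decode the call header instead of relying on that layout.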
