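# $Id: web-misc.rules,v 1.19 2001/08/13 21:02:06 cazz Exp $
#---------------
# WEB-MISC RULES
#---------------
#
# Review notes. Rules were restored to one per line; sids are untouched and
# rev is bumped on every rule whose text was edited:
#  - sid:1047: "REVLOG / " is 9 bytes but depth:7 limits the search window to
#    the first 7 payload bytes, so the pattern could never be found; depth:9.
#  - sid:1048: the first content option lacked its terminating ';'
#    (content:"INDEX " offset:0;). Depending on the Snort version that either
#    fails to load or silently drops the offset modifier; the ';' is restored.
#  - sid:1051: the reference id "CVE-CAN-2001-0075" is malformed. sid:1052
#    covers the same advisory (bugtraq,2156) with CAN-2001-0075, so it is
#    aligned to that.
#  - sid:1079: the reference carried a stray space and lowercase id
#    ("cve, cve-2000-0869"); normalized to cve,CVE-2000-0869 so the reference
#    lookup key is exact.
#  - sid:1080: flags:a+ normalized to flags:A+ like every other rule here
#    (whether lowercase flag letters are accepted varies by Snort version).
#
# Deployment caveats (behaviour unchanged):
#  - Every rule matches only traffic from $EXTERNAL_NET to $HTTP_SERVERS on
#    port 80; any other HTTP port is not inspected by this file.
#  - sid:1050 is the only rule without a flags:A+ check.
#  - sid:1081 cites bugtraq,1868, the same id as sid:1080 (a different
#    product); this looks copy-pasted, verify against the advisory.
#  - The "*.exe" / "xp_*" rules (sid:1057-1069) and sid:1084/1091 use plain
#    content on short tokens, so they match anywhere in the payload and are
#    prone to false positives; tune per environment.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Cisco IOS HTTP configuration attempt"; uricontent:"/level/"; uricontent:"/exec/"; flags:A+; classtype:attempted-admin; reference:bugtraq,2936; sid:1250; rev:1;)
# depth raised from 7 to 9 so the 9-byte pattern can actually be matched
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Netscape Enterprise DOS"; content:"REVLOG / "; offset:0; depth:9; flags:A+; reference:cve,CAN-2001-0251; reference:bugtraq,2294; classtype:attempted-dos; sid:1047; rev:2;)
# ';' restored after the content option
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Netscape Enterprise directory listing attempt"; content:"INDEX "; offset:0; depth:6; flags:A+; reference:cve,CAN-2001-0250; reference:bugtraq,2285; classtype:attempted-recon; sid:1048; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC iPlanet ../../ DOS attempt"; content:"GET "; offset:0; depth:4; uricontent:"/../../../../../../../../../../../"; flags:A+; classtype:attempted-dos; sid:1049; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC iPlanet GETPROPERTIES attempt"; content:"GETPROPERTIES"; offset:0; depth:13; classtype:attempted-admin; sid:1050; rev:1;)
# reference id aligned with sid:1052 (same advisory)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC technote main.cgi file directory traversal attempt"; flags:A+; uricontent:"/technote/main.cgi"; nocase; content:"filename="; nocase; content:"../../"; reference:cve,CAN-2001-0075; reference:bugtraq,2156; classtype:attempted-recon; sid:1051; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC technote print.cgi directory traversal attempt"; flags:A+; uricontent:"/technote/print.cgi"; nocase; content:"board="; nocase; content:"../../"; content:"%00"; reference:cve,CAN-2001-0075; reference:bugtraq,2156; classtype:attempted-recon; sid:1052; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ads.cgi command execution attempt"; flags:A+; content:"/ads.cgi"; nocase; content:"file="; nocase; content:"../../"; content:"\|"; reference:cve,CAN-2001-0025; reference:bugtraq,2103; classtype:attempted-recon; sid:1053; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC weblogic view source attempt"; flags:A+; uricontent:".js%70"; reference:bugtraq,2527; classtype:attempted-recon; sid:1054; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat directory traversal attempt"; flags:A+; uricontent:"%00.jsp"; reference:bugtraq,2518; classtype:attempted-recon; sid:1055; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat view source attempt"; flags:A+; uricontent:"%252ejsp"; reference:bugtraq,2527; classtype:attempted-recon; sid:1056; rev:1;)
# Bare-token rules: content (not uricontent), matched anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ftp attempt";flags: A+; content:"ftp.exe"; nocase; classtype:attempted-recon; sid:1057; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC enumdsn attempt";flags: A+; content:"xp_enumdsn"; nocase; classtype:attempted-recon; sid:1058; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC filelist attempt";flags: A+; content:"xp_filelist"; nocase; classtype:attempted-recon; sid:1059; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC availablemedia attempt";flags: A+; content:"xp_availablemedia"; nocase; classtype:attempted-recon; sid:1060; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cmdshell attempt";flags: A+; content:"xp_cmdshell"; nocase; classtype:attempted-recon; sid:1061; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC nc.exe attempt";flags: A+; content:"nc.exe"; nocase; classtype:bad-unknown; sid:1062; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC csh attempt";flags: A+; content:"csh.exe"; nocase; classtype:attempted-recon; sid:1063; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC wsh attempt";flags: A+; content:"wsh.exe"; nocase; classtype:attempted-recon; sid:1064; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC rcmd attempt";flags: A+; content:"rcmd.exe"; nocase; classtype:attempted-recon; sid:1065; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC telnet attempt";flags: A+; content:"telnet.exe"; nocase; classtype:attempted-recon; sid:1066; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC net attempt";flags: A+; content:"net.exe"; nocase; classtype:attempted-recon; sid:1067; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tftp attempt";flags: A+; content:"tftp.exe"; nocase; classtype:attempted-recon; sid:1068; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC regread attempt";flags: A+; content:"xp_regread"; nocase; classtype:bad-unknown; sid:1069; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdav search access"; flags: A+; content: "SEARCH "; depth: 8; nocase;reference:arachnids,474; classtype:bad-unknown; sid:1070; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .htpasswd access"; flags:A+; content:".htpasswd"; nocase; classtype:attempted-recon; sid:1071; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus Domino directory traversal"; uricontent:".nsf/"; uricontent:"../"; nocase; flags:A+; classtype:attempted-recon; sid:1072; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webhits.exe access";flags: A+; uricontent:"/scripts/samples/search/webhits.exe"; nocase; classtype:attempted-recon; sid:1073; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC fpadmcgi.exe access";flags: A+; uricontent:"/scripts/fpadmcgi.exe"; nocase; classtype:attempted-recon; sid:1074; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC postinfo.asp access";flags: A+; uricontent:"/scripts/postinfo.asp"; nocase; classtype:attempted-recon; sid:1075; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC repost.asp access";flags: A+; uricontent:"/scripts/repost.asp"; nocase; classtype:attempted-recon; sid:1076; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC queryhit.htm access";flags: A+; uricontent:"/samples/search/queryhit.htm"; nocase; classtype:attempted-recon; sid:1077; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC counter.exe access";flags: A+; uricontent:"/scripts/counter.exe"; nocase; reference:bugtraq,267; classtype:attempted-recon; sid:1078; rev:1;)
# reference normalized (no embedded space, uppercase id)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdav propfind access"; content:"<a\:propfind"; nocase; content:"xmlns\:a=\"DAV\">"; nocase; flags: A+; reference:cve,CVE-2000-0869; classtype:attempted-user; sid:1079; rev:2;)
# flags letter normalized to uppercase
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC unify eWave ServletExec upload"; content:"(com.unify.servletexec.UploadServlet"; nocase; flags:A+; classtype:attempted-user; sid:1080; rev:3; reference:bugtraq,1868;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape servers suite DOS"; flags: A+; uricontent:"/dsgw/bin/search?context="; nocase; classtype:attempted-dos; sid:1081; rev:2; reference:bugtraq,1868;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC amazon 1-click cookie theft"; flags: A+; content:"ref%3Cscript%20language%3D%22Javascript"; nocase; classtype:attempted-recon; sid:1082; rev:3; reference:bugtraq,1194; reference:cve,CVE-2000-0439;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC unify eWave ServletExec DOS"; flags: A+; uricontent:"/servlet/ServletExec"; classtype:attempted-dos; sid:1083; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Allaire JRUN DOS attempt"; flags: A+; content:"servlet/......."; nocase; classtype:attempted-dos; sid:1084; rev:2; reference:bugtraq,2337;)
# sid:1085 and sid:1086 intentionally share a msg; they differ in the pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHP strings overflow"; flags: A+; content: "|ba49feffff f7d2 b9bfffffff f7d1|"; reference:bugtraq,802; reference:arachnids,431; classtype:attempted-admin; sid:1085; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHP strings overflow"; flags: A+; content: "?STRENGUR ";reference:arachnids,430; classtype:attempted-admin; sid:1086; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC eXtropia webstore directory traversal"; flags: A+; uricontent:"/web_store.cgi"; content:"page=../"; reference:bugtraq,1774; classtype:attempted-recon; sid:1088; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC shopping cart directory traversal"; flags: A+; uricontent:"/shop.cgi"; content:"page=../"; reference:bugtraq,1777; classtype:attempted-recon; sid:1089; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Allaire Pro Web Shell attempt"; flags: A+; uricontent:"/authenticate.cgi?PASSWORD"; content:"config.ini"; classtype:attempted-recon; sid:1090; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ICQ Webfront HTTP DOS"; flags: A+; content:"??????????"; classtype:attempted-dos; sid:1091; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Armada Style Master Index directory traversal"; flags: A+; uricontent:"/search.cgi?keys"; content:"catigory=../"; classtype:attempted-recon; sid:1092; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC moreover shopping cart directory traversal"; flags: A+; uricontent:"/cached_feed.cgi"; content:"../"; reference:bugtraq,1762; classtype:attempted-recon; sid:1093; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webstore directory traversal"; uricontent:"/web_store.cgi?page=../.."; flags:A+; classtype:attempted-recon; sid:1094; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ Source Code view access";flags: A+; uricontent:"/webplus.exe?script=test.wml";reference:bugtraq,1722; classtype:attempted-recon; sid:1095; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ internal IP Address access";flags: A+; uricontent:"/webplus.exe?about";reference:bugtraq,1720; classtype:attempted-recon; sid:1096; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ exploit access"; flags: A+; uricontent:"/webplus.cgi?Script=/webplus/webping/webping.wml"; reference:bugtraq,1725; classtype:attempted-recon; sid:1097; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SmartWin CyberOffice Shopping Cart access";flags: A+; content:"_private/shopping_cart.mdb"; reference:bugtraq,1734; classtype:attempted-recon; sid:1098; rev:1;)
# Scanner fingerprints: keyed on URI or User-Agent strings the tools send.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cybercop scan";flags: A+; uricontent:"/cybercop"; nocase; reference:arachnids,374; classtype:attempted-recon; sid:1099; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC L3retriever HTTP Probe"; content: "User-Agent|3a| Java1.2.1|0d0a|"; flags: A+;reference:arachnids,310; classtype:attempted-recon; sid:1100; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Webtrends HTTP probe"; content: "User-Agent|3a| Webtrends Security Analyzer|0d0a|"; flags: A+;reference:arachnids,309; classtype:attempted-recon; sid:1101; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Nessus 404 probe"; flags: A+; uricontent: "/nessus_is_probing_you_"; depth: 32;reference:arachnids,301; classtype:attempted-recon; sid:1102; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape admin passwd"; flags: A+; uricontent:"/admin-serv/config/admpw"; nocase;reference:bugtraq,1579; classtype:attempted-recon; sid:1103; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC BigBrother access"; flags: A+; uricontent:"/bb-hostsvc.sh?HOSTSVC"; nocase; classtype:attempted-recon; sid:1105; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Poll-it access"; flags: A+; uricontent:"/pollit/Poll_It_SSI_v2.0.cgi"; nocase; reference:cve,CAN-2000-0590; reference:bugtraq,1431; classtype:attempted-recon; sid:1106; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ftp.pl access"; flags: A+; uricontent:"/ftp.pl"; nocase;reference:bugtraq,1471; classtype:attempted-recon; sid:1107; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat server snoop access"; flags: A+; uricontent:"/jsp/snp/anything.snp"; nocase; reference:cve,CAN-2000-0760; reference:bugtraq,1532; classtype:attempted-recon; sid:1108; rev:2;)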