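# web-misc.rules -- Snort 1.x-era WEB-MISC signatures, one rule per line.
#
# Shape shared by almost every rule in this file:
#   alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (...)   client -> web server, port 80 only
#   flags: A+                                               established TCP (ACK set, other flags allowed)
#   uricontent:"..." / content:"..."                        literal byte match; "nocase" = case-insensitive
#   classtype:attempted-recon                               nearly all of these are probe/recon signatures
#
# Tuning caveats (grounded in the rule text, not in any particular deployment):
#   * Port 80 is hard-coded; web servers on other ports are not covered. Newer rule sets use the
#     $HTTP_PORTS variable for this.
#   * Rules that use plain "content:" (sid 1112, 1113, 1114, 1118, 1122, 1136, 1147, ...) inspect the
#     whole client payload, not just the request URI, so strings such as "../" or "cd.." can also match
#     inside POST bodies or headers; expect false positives on busy servers.
#   * Several rules match a generic path ("/guestbook", "/handler", "/log.nsf") and therefore fire on
#     legitimate use of those applications as well as on probes.
#
# Corrections applied to the pasted copy (each changed rule would normally get its rev incremented):
#   sid 1110  reference "cve, CVE-2000-0628" had a stray space inside the value
#   sid 1126  msg "AuthChangeUr" -> "AuthChangeUrl" (matches the content string)
#   sid 1131  msg was identical to sid 1130; it now names its own match string ".www_acl"
#   sid 1150  msg "catalog.ns" -> "catalog.nsf" (matches the uricontent)
#   sid 1160  reference "CVE-20000236" -> "CVE-2000-0236" (missing hyphen)
#   sid 1164, sid 1169  duplicated word "access access" in msg
#   sid 1167  uricontent "/rmp_query" -> "/rpm_query" (the msg names rpm_query and the references
#             appear to be the rpm_query advisories; "/rmp_query" would never match the real CGI path)

# --- Server-specific file and directory probes ---------------------------------------------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ROXEN directory list attempt"; flags: A+; content:"|2F 25 30 30 2F|"; nocase;reference:bugtraq,1510; reference:cve,CVE-2000-0671; classtype:attempted-recon; sid:1109; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC apache source.asp file access"; flags: A+; uricontent:"/site/eg/source.asp"; nocase;reference:bugtraq,1457; reference:cve,CVE-2000-0628; classtype:attempted-recon; sid:1110; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat server exploit access"; flags: A+; uricontent:"/contextAdmin/contextAdmin.html"; nocase; classtype:attempted-recon; sid:1111; rev:1;)

# --- Generic traversal / shell-string probes (plain content: -> whole payload, noisy) --------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC http directory traversal"; flags: A+; content: "..\\";reference:arachnids,298; classtype:attempted-recon; sid:1112; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC http directory traversal"; flags: A+; content: "../"; reference:arachnids,297; classtype:attempted-recon; sid:1113; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC prefix-get //";flags: A+; content:"get //"; nocase; classtype:attempted-recon; sid:1114; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ICQ webserver DOS";flags: A+; content:".html/......"; nocase; reference:cve,CVE-1999-0474; classtype:attempted-dos; sid:1115; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus DelDoc attempt";flags: A+; content:"?DeleteDocument"; nocase; classtype:attempted-recon; sid:1116; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus EditDoc attempt";flags: A+; content:"?EditDocument"; nocase; classtype:attempted-recon; sid:1117; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ls%20-l";flags: A+; content:"ls%20-l"; nocase; classtype:attempted-recon; sid:1118; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mlog.phtml access";flags: A+; uricontent:"/mlog.phtml"; nocase; reference:bugtraq,713; reference:cve,CVE-1999-0346; classtype:attempted-recon; sid:1119; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mylog.phtml access";flags: A+; uricontent:"/mylog.phtml"; nocase; reference:bugtraq,713; reference:cve,CVE-1999-0346; classtype:attempted-recon; sid:1120; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC O'Reilly args.bat access";flags: A+; uricontent:"/cgi-dos/args.bat"; nocase; classtype:attempted-recon; sid:1121; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /etc/passwd";flags: A+; content:"/etc/passwd"; nocase; classtype:attempted-recon; sid:1122; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PageService access";flags: A+; content:"?PageServices"; nocase; reference:bugtraq,1063; reference:cve,CVE-1999-0269; classtype:attempted-recon; sid:1123; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce check.txt access";flags: A+; uricontent:"/config/check.txt"; nocase; classtype:attempted-recon; sid:1124; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webcart access";flags: A+; uricontent:"/webcart/"; nocase; classtype:attempted-recon; sid:1125; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC AuthChangeUrl access";flags: A+; content:"_AuthChangeUrl?"; nocase; classtype:attempted-recon; sid:1126; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC convert.bas access";flags: A+; uricontent:"/scripts/convert.bas"; nocase; reference:bugtraq,2025; reference:cve,CVE-1999-0175; classtype:attempted-recon; sid:1127; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cpshost.dll access";flags: A+; uricontent:"/scripts/cpshost.dll"; nocase; classtype:attempted-recon; sid:1128; rev:1;)

# --- Access-control file probes ------------------------------------------------------------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .htaccess access";flags: A+; content:".htaccess"; nocase; classtype:attempted-recon; sid:1129; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .wwwacl access";flags: A+; uricontent:".wwwacl"; nocase; classtype:attempted-recon; sid:1130; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .www_acl access";flags: A+; uricontent:".www_acl"; nocase; classtype:attempted-recon; sid:1131; rev:1;)

# Non-port-80 rule: Netscape on UnixWare, TCP/457.
# NOTE(review): the msg says "overflow" but classtype is attempted-recon; attempted-admin may be the
# better classification -- confirm against the referenced advisory before changing.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 457 (msg:"WEB-MISC netscape unixware overflow"; content: "|eb 5f 9a ff ff ff ff 07 ff c3 5e 31 c0 89 46 9d|"; flags: A+; reference:arachnids,180; classtype:attempted-recon; sid:1132; rev:1;)
# Scan signature kept in this file: SYN/FIN/PSH with ack 0 to $HOME_NET, not an established HTTP session.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SCAN cybercop os probe"; content: "AAAAAAAAAAAAAAAA"; flags: SFP; ack: 0; depth: 16;reference:arachnids,145; classtype:attempted-recon; sid:1133; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum admin access"; flags: A+; uricontent:"/admin.php3"; nocase; reference:bugtraq,2271; reference:arachnids,205; classtype:attempted-recon; sid:1134; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cd..";flags: A+; content:"cd.."; nocase; classtype:attempted-recon; sid:1136; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum auth access"; flags: A+; content:"PHP_AUTH_USER=boogieman"; nocase; reference:bugtraq,2274; reference:arachnids,206; classtype:attempted-recon; sid:1137; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Cisco Web DOS attempt"; flags: A+; content: "|20 2F 25 25|"; depth: 16; reference:arachnids,275; classtype:attempted-dos; sid:1138; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC guestbook access";flags: A+; uricontent:"/guestbook"; nocase; reference:bugtraq,776; reference:cve,CVE-1999-0237; reference:arachnids,228; classtype:attempted-recon; sid:1140; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC handler access"; flags: A+; uricontent:"/handler"; nocase; reference:bugtraq,380; reference:arachnids,235; reference:cve,CVE-1999-0148; classtype:attempted-recon; sid:1141; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /....";flags: A+; content:"|2f2e2e2e2e|"; classtype:attempted-recon; sid:1142; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ///cgi-bin";flags: A+; uricontent:"///cgi-bin"; nocase; classtype:attempted-recon; sid:1143; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /cgi-bin/// access";flags: A+; uricontent:"/cgi-bin///"; nocase; classtype:attempted-recon; sid:1144; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /~root";flags: A+; uricontent:"/~root/"; nocase; classtype:attempted-recon; sid:1145; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce import.txt access";flags: A+; uricontent:"/config/import.txt"; nocase; classtype:attempted-recon; sid:1146; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cat%20 access";flags: A+; content:"cat%20"; nocase; reference:cve,CVE-1999-0039; reference:bugtraq,374; classtype:attempted-recon; sid:1147; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce import.txt access";flags: A+; uricontent:"/orders/import.txt"; nocase; classtype:attempted-recon; sid:1148; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC count.cgi access";flags: A+; uricontent:"/count.cgi"; nocase; reference:bugtraq,550; reference:cve,CVE-1999-0021; classtype:attempted-recon; sid:1149; rev:2;)

# --- Lotus Domino database probes (these paths are also used by legitimate clients) ---------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino catalog.nsf access";flags: A+; uricontent:"/catalog.nsf"; nocase; classtype:attempted-recon; sid:1150; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino domcfg.nsf access";flags: A+; uricontent:"/domcfg.nsf"; nocase; classtype:attempted-recon; sid:1151; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino domlog.nsf access";flags: A+; uricontent:"/domlog.nsf"; nocase; classtype:attempted-recon; sid:1152; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino log.nsf access";flags: A+; uricontent:"/log.nsf"; nocase; classtype:attempted-recon; sid:1153; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino names.nsf access";flags: A+; uricontent:"/names.nsf"; nocase; classtype:attempted-recon; sid:1154; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce checks.txt access";flags: A+; uricontent:"/orders/checks.txt"; nocase; classtype:attempted-recon; sid:1155; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC apache DOS attempt";flags: A+; content:"|2f2f2f2f2f2f2f2f|"; classtype:attempted-dos; sid:1156; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape PublishingXpert 2 Exploit"; flags: A+; uricontent:"/PSUser/PSCOErrPage.htm?"; nocase; classtype:attempted-recon; sid:1157; rev:1;)
# Two content: clauses plus uricontent: all three must match in the same packet.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC windmail access"; flags:A+; uricontent:"/windmail.exe"; nocase; content:"-n"; content:"mail"; nocase; reference:cve,CAN-2000-0242; reference:bugtraq,1073; reference:arachnids,465; classtype:attempted-recon; sid:1158; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webplus access"; content:"webplus?script"; nocase; flags:A+; classtype:attempted-recon; sid:1159; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape dir index wp"; flags: A+; content: "?wp-"; nocase; reference:bugtraq,1063; reference:cve,CVE-2000-0236; reference:arachnids,270; classtype:attempted-recon; sid:1160; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC piranha passwd.php3 access"; flags: A+; uricontent: "/passwd.php3"; reference:bugtraq,1149; reference:cve,CVE-2000-0322; reference:arachnids,272; classtype:attempted-recon; sid:1161; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cart 32 AdminPwd access"; flags: A+; uricontent:"/c32web.exe/ChangeAdminPassword"; nocase;reference:bugtraq,1153; classtype:attempted-recon; sid:1162; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdist.cgi access"; uricontent:"/webdist.cgi"; nocase; flags: A+; reference:bugtraq,374; reference:cve,CVE-1999-0039; classtype:attempted-recon; sid:1163; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC shopping cart access"; uricontent:"/quikstore.cfg"; nocase; flags: A+; classtype:attempted-recon; sid:1164; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC novell groupwise gwweb.exe access"; flags: A+; content:"/GWWEB.EXE?HELP="; nocase; reference:bugtraq,879; reference:cve,CAN-1999-1006; classtype:attempted-recon; sid:1165; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ws_ftp.ini access"; uricontent:"/ws_ftp.ini"; nocase; flags: A+; classtype:attempted-recon; sid:1166; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC rpm_query access"; flags: A+; uricontent:"/rpm_query"; nocase; reference:cve,CVE-2000-0192; reference:bugtraq,1036; classtype:attempted-recon; sid:1167; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mall log order access"; uricontent:"/mall_log_files/order.log"; nocase; flags: A+; classtype:attempted-recon; sid:1168; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cfappman access"; uricontent:"/cfappman/index.cfm"; nocase; flags: A+; classtype:attempted-recon; sid:1169; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC bigconf.cgi access"; uricontent:"/bigconf.cgi"; nocase; flags: A+; classtype:attempted-recon; sid:1172; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC architext_query.pl access"; uricontent:"/ews/architext_query.pl"; nocase; flags: A+; classtype:attempted-recon; sid:1173; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /cgi-bin/jj attempt"; uricontent:"/cgi-bin/jj"; nocase; flags: A+; reference:bugtraq,2002; reference:cve,CVE-1999-0260; classtype:attempted-recon; sid:1174; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC wwwboard.pl access"; uricontent:"/wwwboard.pl"; nocase; flags: A+; reference:bugtraq,1795; reference:cve,CVE-1999-0953; classtype:attempted-recon; sid:1175; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC order.log access"; uricontent:"/admin_files/order.log"; nocase; flags: A+; classtype:attempted-recon; sid:1176; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-verify-link";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1177; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum read access"; flags: A+; uricontent:"/read.php3"; nocase; reference:arachnids,208; classtype:attempted-recon; sid:1178; rev:1;)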