web-misc.rules

# web-misc.rules -- legacy Snort 1.x signature syntax. Only page 1 of 3 of the
# original file is visible here; the remaining rules are not shown.
#
# Conventions used throughout this section:
#   - `flags: A+` (ACK set, other flags don't care) is the old-style way of
#     restricting to an established stream; later rule sets express this with
#     the `flow:` keyword. Keep the form that matches the engine in use.
#   - Every client->server rule is pinned to destination port 80, so requests
#     on other HTTP ports or inside TLS are never inspected by these rules.
#   - Most rules are classtype:attempted-recon "access" checks: they fire on the
#     mere presence of a path/query fragment, not on a confirmed exploit.
#     Expect them to trigger on scanners as well as on legitimate use of the
#     named application; triage by sid, since several rules share one msg.
#   - One rule per line. Snort reads newline-delimited rules; the collapsed
#     `)alert tcp` run in the rendered page is an extraction artifact.

# --- Phorum / misc CGI and executable access checks ---------------------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum violation access"; flags: A+; uricontent:"/violation.php3"; nocase; reference:bugtraq,2272; reference:arachnids,209; classtype:attempted-recon; sid:1179; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC get32.exe access"; flags: A+; uricontent:"/get32.exe"; nocase; reference:bugtraq,1485; reference:arachnids,258; classtype:attempted-recon; sid:1180; rev:3;)
# Annex: DoS check keyed on payload size (>1446 bytes) plus the /ping?query path.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Annex Terminal DOS attempt"; flags: A+;dsize:>1446; content:"/ping?query"; reference:arachnids,260; classtype:attempted-dos; sid:1181; rev:1;)
# cgitest.exe: the pattern embeds a CRLF (|0d0a|) followed by "user", i.e. it
# looks past the request line into the next header/body line; offset 4 skips
# the HTTP method.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cgitest.exe attempt"; content: "/cgitest.exe|0d0a|user"; nocase; flags: A+; offset: 4; reference:arachnids,265; classtype:attempted-recon; sid:1182; rev:2;)

# --- Netscape Enterprise Server "?wp-*" directory-view commands ---------------
# Eight rules (sids 1183, 1184, 1186, 1188-1191, 1198) share the identical msg
# and reference bugtraq,1063; only the ?wp- query token differs. These use raw
# `content:` rather than `uricontent:`, so the token is matched anywhere in the
# packet payload, not only in the normalized URI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-cs-dump";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1183; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-ver-info";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1184; rev:1;)
# bizdb: requires both the CGI path in the URI and "mail" somewhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC bizdbsearch access"; flags: A+; uricontent:"/bizdb1-search.cgi"; content:"mail"; nocase; reference:cve,CAN-2000-0287;  reference:bugtraq,1104; classtype:attempted-recon; sid:1185; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-ver-diff";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1186; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SalesLogix Eviewer web shutdown acess"; flags: A+; content:"/slxweb.dll/admin?command="; nocase; reference:bugtraq,1089; reference:cve,CAN-2000-0289; classtype:attempted-recon; sid:1187; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-start-ver";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1188; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-stop-ver"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1189; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-uncheckout"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1190; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-html-rend"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1191; rev:1;)

# --- Vendor-specific CGI / listener checks ------------------------------------
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Trend Micro OfficeScan access"; flags: A+; uricontent:"/officescan/cgi/jdkRqNotify.exe?"; nocase; reference:bugtraq,1057; classtype:attempted-recon; sid:1192; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC oracle web listener batch access"; flags: A+; uricontent:"/ows-bin/&"; nocase; reference:cve,CVE-2000-0169; reference:bugtraq,1053; classtype:attempted-recon; sid:1193; rev:1;)
# Sojourn: sid 1194 (attempted-user) additionally requires an encoded NUL ("%00")
# after the cat= parameter; sid 1195 is the plain access check for the same CGI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Sojourn File attempt"; flags: A+; uricontent:"/sojourn.cgi?cat="; content:"%00"; nocase;reference:bugtraq,1052; reference:cve,CAN-2000-0180; classtype:attempted-user; sid:1194; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Sojourn access"; flags: A+; uricontent:"/sojourn.cgi"; nocase; reference:bugtraq,1052; reference:cve,CAN-2000-0180; classtype:attempted-recon; sid:1195; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SGI InfoSearch fname access"; flags: A+; uricontent:"/infosrch.cgi?"; content:"fname="; nocase;reference:bugtraq,1031; reference:arachnids,290; reference:cve,CVE-2000-0207; classtype:attempted-recon; sid:1196; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum code access"; flags: A+; uricontent:"/code.php3"; nocase;  reference:arachnids,207; classtype:attempted-recon; sid:1197; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-usr-prop";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1198; rev:1;)
# Compaq Insight Manager on tcp/2301 (not $HTTP_SERVERS 80): a bare "../"
# content match with no flags/flow or URI qualifier, so any segment carrying
# "../" toward that port fires. Expect noise if 2301 carries other traffic.
alert tcp $EXTERNAL_NET any -> $HOME_NET 2301 (msg:"WEB-MISC compaq nsight directory traversal"; content: "../"; reference:bugtraq,282; reference:arachnids,244; reference:cve,CVE-1999-0771; classtype:attempted-recon; sid:1199; rev:2;)

# --- Server -> client response heuristics -------------------------------------
# Both rules inspect responses from $HTTP_SERVERS. sid 1201 fires on every
# "HTTP/1.1 403" status line, which is routine traffic on most sites; these are
# scan indicators for correlation, not actionable alerts on their own.
alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"WEB-MISC Invalid URL"; content:"Invalid URL"; nocase; flags:A+; classtype:attempted-recon; sid:1200; rev:1;)
alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"WEB-MISC 403 Forbidden";flags: A+; content:"HTTP/1.1 403"; classtype:attempted-recon; sid:1201; rev:1;)

# --- Well-known CGI / admin path "access" checks ------------------------------
# Plain uricontent presence checks. Note the case handling is inconsistent:
# sids 1202-1209 and 1211 are case-sensitive, the rest carry `nocase`.
# Short fragments such as "/backup", "/admin_files", "/adminlogin" and
# "/filemail" are substring matches and will also hit unrelated paths that
# merely contain them (e.g. "/backup-api/..."); expect false positives.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC search.vts access"; flags:A+; uricontent:"/search.vts"; classtype:attempted-recon; sid:1202; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC search97.vts access"; flags:A+; uricontent:"/search97.vts"; classtype:attempted-recon; sid:1203; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ax-admin.cgi access"; flags:A+; uricontent:"/ax-admin.cgi"; classtype:attempted-recon; sid:1204; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC axs.cgi access"; flags:A+; uricontent:"/axs.cgi"; classtype:attempted-recon; sid:1205; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cachemgr.cgi access"; flags:A+; uricontent:"/cachemgr.cgi"; classtype:attempted-recon; sid:1206; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC htgrep access"; flags:A+; uricontent:"/htgrep"; classtype:attempted-recon; sid:1207; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC responder.cgi access"; flags:A+; uricontent:"/responder.cgi"; classtype:attempted-recon; sid:1208; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .nsconfig access"; flags:A+; uricontent:"/.nsconfig"; classtype:attempted-recon; sid:1209; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC at-admin.cgi access"; flags:A+; uricontent:"/at-admin.cgi"; nocase; classtype:attempted-recon; sid:1210; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC web-map.cgi access"; flags:A+; uricontent:"/web-map.cgi"; classtype:attempted-recon; sid:1211; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Admin_files access"; flags:A+; uricontent:"/admin_files"; nocase; classtype:attempted-recon; sid:1212; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC backup access"; flags:A+; uricontent:"/backup"; nocase; classtype:attempted-recon; sid:1213; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC intranet access"; flags:A+; uricontent:"/intranet/"; nocase; classtype:attempted-recon; sid:1214; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ministats admin access"; flags:A+; uricontent:"/ministats/admin.cgi"; nocase; classtype:attempted-recon; sid:1215; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC filemail access"; flags:A+; uricontent:"/filemail"; nocase; classtype:attempted-recon; sid:1216; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC plusmail access"; flags:A+; uricontent:"/plusmail"; nocase; classtype:attempted-recon; sid:1217; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC adminlogin access"; flags:A+; uricontent:"/adminlogin"; nocase; classtype:attempted-recon; sid:1218; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC dfire.cgi access"; flags:A+; uricontent:"/dfire.cgi"; nocase; classtype:attempted-recon; sid:1219; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ultraboard access"; flags:A+; uricontent:"/ultraboard"; nocase; classtype:attempted-recon; sid:1220; rev:1;)
# msg says "musicat" but the URI pattern is "/empower" -- the msg does not name
# what is matched; keep the sid in mind when triaging.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC musicat access"; flags:A+; uricontent:"/empower"; nocase; classtype:attempted-recon; sid:1221; rev:1;)
# WebPALS / ROADS: the "attempt" variants require a specific parameter name in
# the payload; the "access" variant fires on the path alone.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC WebPALS attempt"; flags:A+; uricontent:"/pals-cgi"; nocase; content:"documentName="; classtype:attempted-recon; reference:cve,CAN-2001-0217; reference:bugtraq,2372; sid:1222; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC WebPALS access"; flags:A+; uricontent:"/pals-cgi"; nocase; classtype:attempted-recon; reference:cve,CAN-2001-0217; reference:bugtraq,2372; sid:1223; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ROADS attempt"; flags:A+; uricontent:"/ROADS/cgi-bin/search.pl"; content:"form="; nocase; reference:cve,CAN-2001-0215; reference:bugtraq,2371; classtype:attempted-recon; sid:1224; rev:1;)

# --- Trend Micro VirusWall management interface --------------------------------
# sids 1231 and 1232 share one msg and one URI pattern, differing only in the
# destination port (80 vs 1812) and bugtraq reference.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSave access"; flags:A+; uricontent:"/FtpSave.dll"; nocase; classtype:attempted-recon; sid:1230; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall access"; flags:A+; uricontent:"/catinfo"; nocase; reference:bugtraq,2808; classtype:attempted-recon; sid:1231; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 1812 (msg:"WEB-MISC VirusWall access"; flags:A+; uricontent:"/catinfo"; nocase; reference:bugtraq,2579; classtype:attempted-recon; sid:1232; rev:1;)
# Outbound check ($HOME_NET -> $EXTERNAL_NET 80), unlike the rest of the file.
# NOTE(review): the msg says "EML" but the URI pattern is ".ewl" -- confirm
# which extension is intended; as written it will not match ".eml" URIs.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"WEB-MISC Outlook EML access"; uricontent:".ewl"; flags:A+; classtype:attempted-admin; sid:1233; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSaveCSP access"; flags:A+; uricontent:"/FtpSaveCSP.dll"; nocase; classtype:attempted-recon; sid:1234; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSaveCVP access"; flags:A+; uricontent:"/FtpSaveCVP.dll"; nocase; classtype:attempted-recon; sid:1235; rev:1;)

# --- Tomcat source disclosure via double-encoded ".jsp" ------------------------
# Three variants, one per double-encoded letter (%2570 -> %70 -> 'p', etc.).
# These match the raw, once-decoded URI; if the preprocessor fully decodes
# nested encodings before matching, the patterns will not be seen.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".js%2570"; nocase; classtype:attempted-recon; sid:1236; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".j%2573p"; nocase; classtype:attempted-recon; sid:1237; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".%256Asp"; nocase; classtype:attempted-recon; sid:1238; rev:1;)

# --- SWEditServlet ------------------------------------------------------------
# sid 1241 requires a literal "template=../../../" in the payload (exactly three
# levels; fewer or encoded separators will not match); sid 1228 is the plain
# access check.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SWEditServlet directory traversal attempt"; uricontent:"/SWEditServlet"; content:"template=../../../"; flags:A+; classtype:attempted-user; sid:1241; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SWEditServlet access"; uricontent:"/SWEditServlet"; flags:A+; classtype:attempted-recon; sid:1228; rev:1;)

# --- Whisker scanner evasion heuristics ----------------------------------------
# sid 1171 matches "HEAD" at offset 0 (depth 4, nocase) with >512 bytes of
# payload. sid 1170 matches the lowercase bytes |68 65 61 64| ("head") under the
# same offset/depth/dsize constraints, which the nocase form of 1171 already
# covers, so both fire on the same packet; one of the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker head"; content:"HEAD"; offset: 0; depth: 4; nocase; dsize:>512; flags:A+; classtype:attempted-recon; sid:1171; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker head"; dsize: > 512; flags:A+; content:"|68 65 61 64|"; offset: 0; depth: 4; classtype:attempted-recon; sid:1170; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker head";flags: A+; content:"HEAD/./"; classtype:attempted-recon; sid:1139; rev:1;)
# Session-splicing checks: tiny segments (dsize 1, or <5) consisting of a single
# space (|20|) or tab (|09|). Stream reassembly settings decide whether such
# segments are ever presented to the rule engine individually.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker splice attack"; content: "|20|"; flags: A+; dsize: 1;reference:arachnids,296; classtype:attempted-recon; sid:1104; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker splice attack"; dsize: <5; flags: A+; content: "|09|";reference:arachnids,415; classtype:attempted-recon; sid:1087; rev:1;)

# --- PHPLIB remote include -----------------------------------------------------
# sid 1254 watches inbound requests carrying a PHPLIB[libdir] URI parameter.
# sid 1255 is deliberately reversed ($HTTP_SERVERS any -> $EXTERNAL_NET 80):
# presumably it is meant to catch the web server itself fetching db_mysql.inc
# from an outside host after a successful include -- verify against the
# bugtraq,3079 advisory before treating it as a misconfiguration.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHPLIB remote command attempt"; flags:A+; uricontent:"PHPLIB[libdir]"; reference:bugtraq,3079; classtype:attempted-user; sid:1254; rev:1;)
alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET 80 (msg:"WEB-MISC PHPLIB remote command attempt"; flags:A+; uricontent:"/db_mysql.inc"; reference:bugtraq,3079; classtype:attempted-user; sid:1255; rev:1;)
