
📄 web-frontpage.rules

📁 Intrusion detection system: example of use with MySQL on Linux
# $Id: web-frontpage.rules,v 1.8 2001/07/29 16:36:35 cazz Exp $
#--------------------
# WEB-FRONTPAGE RULES
#--------------------
# RAD DLLs (fp30reg.dll, fp4areg.dll; CAN-2001-0341): the dsize rules flag oversized
# requests as overflow attempts, the access rules fire on any request for the DLL
alert TCP $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS frontpage rad overflow attempt"; uricontent:"/fp30reg.dll"; nocase; dsize: >258; flags: A; classtype:attempted-admin; reference:arachnids,555; reference:bugtraq,2906; reference: cve,CAN-2001-0341; sid:1246; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS frontpage rad overflow attempt"; uricontent: "/fp4areg.dll"; nocase; dsize: >259; flags: A+; reference:cve,CAN-2001-0341; reference:bugtraq,2906; sid:1247; rev:1;)
alert TCP $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS frontpage rad fp30reg.dll access"; uricontent:"/fp30reg.dll"; nocase; flags: A; classtype:attempted-recon; reference:arachnids,555; reference:bugtraq,2906; reference: cve,CAN-2001-0341; sid:1248; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS frontpage rad fp4areg.dll access"; uricontent: "/fp4areg.dll"; nocase; flags: A+; reference:cve,CAN-2001-0341; reference:bugtraq,2906; sid:1249; rev:1;)
# Requests for FrontPage Server Extensions binaries, administration pages,
# and configuration, password, and form-result files
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE _vti_rpc access"; flags: A+; uricontent:"/_vti_rpc"; nocase; reference:bugtraq,2144; classtype:attempted-recon; sid:937; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE posting"; flags: A+; content:"POST"; uricontent:"/author.dll"; nocase; classtype:attempted-recon; sid:939; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE shtml.dll"; uricontent: "/_vti_bin/shtml.dll"; nocase; flags: A+;reference:arachnids,292; classtype:attempted-recon; sid:940; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE contents.htm access";flags: A+; uricontent:"/admcgi/contents.htm"; nocase; classtype:attempted-recon; sid:941; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE orders.htm access";flags: A+; uricontent:"/_private/orders.htm"; nocase; classtype:attempted-recon; sid:942; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpsrvadm.exe access";flags: A+; uricontent:"/fpsrvadm.exe"; nocase; classtype:attempted-recon; sid:943; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpremadm.exe access";flags: A+; uricontent:"/fpremadm.exe"; nocase; classtype:attempted-recon; sid:944; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpadmin.htm access";flags: A+; uricontent:"/admisapi/fpadmin.htm"; nocase; classtype:attempted-recon; sid:945; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpadmcgi.exe access";flags: A+; uricontent:"/scripts/Fpadmcgi.exe"; nocase; classtype:attempted-recon; sid:946; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE orders.txt access";flags: A+; uricontent:"/_private/orders.txt"; nocase; classtype:attempted-recon; sid:947; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE form_results access";flags: A+; uricontent:"/_private/form_results.txt"; nocase; classtype:attempted-recon; sid:948; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE registrations.htm access";flags: A+; uricontent:"/_private/registrations.htm"; nocase; classtype:attempted-recon; sid:949; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE cfgwiz.exe access";flags: A+; uricontent:"/cfgwiz.exe"; nocase; classtype:attempted-recon; sid:950; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE authors.pwd access";flags: A+; uricontent:"/authors.pwd"; nocase; classtype:attempted-recon; sid:951; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE author.exe access";flags: A+; uricontent:"/_vti_bin/_vti_aut/author.exe"; nocase; classtype:attempted-recon; sid:952; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE administrators.pwd";flags: A+; uricontent:"/administrators.pwd"; nocase; reference:bugtraq,1205; classtype:attempted-recon; sid:953; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE form_results.htm access";flags: A+; uricontent:"/_private/form_results.htm"; nocase; classtype:attempted-recon; sid:954; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE access.cnf access";flags: A+; uricontent:"/_vti_pvt/access.cnf"; nocase; classtype:attempted-recon; sid:955; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE register.txt access";flags: A+; uricontent:"/_private/register.txt"; nocase; classtype:attempted-recon; sid:956; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE registrations.txt access";flags: A+; uricontent:"/_private/registrations.txt"; nocase; classtype:attempted-recon; sid:957; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.cnf access";flags: A+; uricontent:"/_vti_pvt/service.cnf"; nocase; classtype:attempted-recon; sid:958; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.pwd";flags: A+; uricontent:"/service.pwd"; nocase;reference:bugtraq,1205; classtype:attempted-recon; sid:959; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.stp access";flags: A+; uricontent:"/_vti_pvt/service.stp"; nocase; classtype:attempted-recon; sid:960; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE services.cnf access";flags: A+; uricontent:"/_vti_pvt/services.cnf"; nocase; classtype:attempted-recon; sid:961; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE shtml.exe";flags: A+; uricontent:"/_vti_bin/shtml.exe"; nocase; reference:cve,CAN-2000-0413; reference:cve,CAN-2000-0709; reference:bugtraq,1608; reference:bugtraq,1174; classtype:attempted-recon; sid:962; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE svcacl.cnf access";flags: A+; uricontent:"/_vti_pvt/svcacl.cnf"; nocase; classtype:attempted-recon; sid:963; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE users.pwd access";flags: A+; uricontent:"/users.pwd"; nocase; classtype:attempted-recon; sid:964; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE writeto.cnf access";flags: A+; uricontent:"_vti_pvt/writeto.cnf"; nocase; classtype:attempted-recon; sid:965; rev:1;)
# Raw payload match on the bytes 2e 2e 2e 2e 2f ("..../")
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fourdots request"; flags: A+; content: "|2e 2e 2e 2e 2f|"; nocase; reference:bugtraq,989; reference:cve,CAN-2000-0153; reference:arachnids,248; classtype:attempted-recon; sid:966; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE dvwssr.dll access"; flags: A+; uricontent: "/dvwssr.dll"; nocase; reference:bugtraq,1108; reference:cve,CVE-2000-0260; reference:arachnids,271; classtype:attempted-recon; sid:967; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE register.htm access";flags: A+; uricontent:"/_private/register.htm"; nocase; classtype:attempted-recon; sid:968; rev:1;)
