
📄 snortrules.txt

📁 IPv4下发伪造包的程序
# DDoS tool signatures (shaft, mstream, TFN, per the msg fields). Every rule
# keys on a fixed port or a constant header value, so it only catches tool
# builds that keep those defaults. None of the rules here carries sid/rev.
#
# shaft: bare SYN from a source port <= 1024 (":1024") with one fixed TCP
# sequence number.
alert tcp $EXTERNAL_NET :1024 -> $HOME_NET any (msg:"DDOS shaft synflood incoming"; flags: S; seq: 674711609; reference:arachnids,252;) 
# mstream agent/handler channel on UDP 6838 and 10498. The content strings are
# short ("ping", "pong", "stream/") with no offset/depth, so the destination
# port is doing most of the discrimination.
alert udp $EXTERNAL_NET any -> $HOME_NET 6838 (msg:"DDOS mstream agent to handler"; content: "newserver"; ) 
alert udp $EXTERNAL_NET any -> $HOME_NET 10498 (msg:"DDOS mstream handler to agent"; content: "stream/"; reference:cve,CAN-2000-0138;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 10498 (msg:"DDOS mstream handler ping to agent" ; content: "ping"; reference:cve,CAN-2000-0138;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 10498 (msg:"DDOS mstream agent pong to handler" ; content: "pong";) 
# mstream client/handler channel on TCP 12754 and 15104. The payload test is
# the single byte ">" anywhere in the segment.
alert tcp $EXTERNAL_NET any -> $HOME_NET 12754 (msg:"DDOS mstream client to handler"; content: ">"; flags: A+; reference:cve,CAN-2000-0138;) 
alert tcp $HOME_NET 12754 -> $EXTERNAL_NET any (msg:"DDOS mstream handler to client"; content: ">"; flags: A+;reference:cve,CAN-2000-0138;) 
# NOTE(review): no content test here; any inbound SYN to 15104/tcp alerts.
alert tcp $EXTERNAL_NET any -> $HOME_NET 15104 (msg:"DDOS mstream client to handler"; flags: S; reference:arachnids,111; reference:cve,CAN-2000-0138;) 
alert tcp $HOME_NET 15104 -> $EXTERNAL_NET any (msg:"DDOS mstream handler to client"; content: ">"; flags: A+; reference:cve,CAN-2000-0138;) 
# TFN: ICMP type 0 (echo reply) with fixed icmp_id 51201 and icmp_seq 0.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS - TFN client command LE"; itype: 0; icmp_id: 51201; icmp_seq: 0; reference:arachnids,183;) 


# DNS RULES
# Updated: 03/15/2001
# -------------------
# Inbound traffic to port 53 (plus spoofed-response checks from source port 53).
# The "DNS EXPLOIT" rules match fixed payload byte strings on 53/tcp, so they
# detect specific known payloads rather than the underlying flaw.

# NOTE(review): "CVE-1999-009" has only three digits after the year and is not
# a well-formed CVE id; verify the intended identifier against the advisory.
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS named iquery attempt"; content: "|0980 0000 0001 0000 0000|"; offset: 2; depth: 16; reference:arachnids,277; reference:cve,CVE-1999-009; reference:bugtraq,134;) 
# Responses from source port 53: two content tests each, neither anchored with
# offset/depth, so both may match anywhere in the datagram.
alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"DNS SPOOF query response PTR with TTL: 1 min. and no authority"; content:"|85800001000100000000|"; content:"|c00c000c00010000003c000f|";) 
alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"DNS SPOOF query response with ttl: 1 min. and no authority"; content:"|81800001000100000000|"; content:"|c00c000100010000003c0004|";) 
# NOTE(review): single byte 0xFC with offset 13 and no depth is searched from
# byte 13 to the end of the segment; expect matches on unrelated TCP/53 data.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer"; content: "|FC|"; flags: A+; offset: 13; reference:arachnids,212;) 
# Length-prefixed labels |07|version|04|bind, matched case-insensitively.
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS named version attempt"; content: "|07|version|04|bind"; nocase; offset: 12; depth: 26; reference:arachnids,278;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT named 8.2->8.2.1";flags: A+; content:"../../../../../../../../../"; reference:cve,CVE-1999-0833;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT named overflow";flags: A+; content:"thisissometempspaceforthesockinaddrinyeahyeahiknowthisislamebutanywaywhocareshorizongotitworkingsoalliscool"; reference:cve,CVE-1999-0833;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT named exploit"; flags: A+; content:"ADMROCKS"; reference:cve,CVE-1999-0833;) 
# NOTE(review): this rule and "DNS EXPLOIT x86 linux generic" below carry the
# same bytes (only the hex letter case differs), so one packet raises both.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT named";flags: A+; content:"|CD80 E8D7 FFFF FF|/bin/sh";) 
# NOTE(review): two rules share the msg "DNS EXPLOIT x86 linux" with different
# content; alerts cannot be told apart by msg alone.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 linux";flags: A+; content:"|31c0 b03f 31db b3ff 31c9 cd80 31c0|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 linux generic";flags: A+; content:"|cd80 e8d7 ffff ff|/bin/sh";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 linux";flags: A+; content:"|31 c0 b0 02 cd 80 85 c0 75 4c eb 4c 5e b0|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 linux ADMv2";flags: A+; content:"|89f7 29c7 89f3 89f9 89f2 ac3c fe|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 freebsd";flags: A+; content:"|eb6e 5ec6 069a 31c9 894e 01c6 4605|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT sparc";flags: A+; content:"|90 1a c0 0f  90 02 20 08 92 02 20 0f d0 23 bf f8|";) 


# DOS RULES
# Updated: 03/15/2001
# -------------------
# Denial-of-service signatures: fixed strings, fixed header values or payload
# size tests against specific services.

# ICMP echo request (itype 8) carrying the modem escape string. Any payload
# containing "+++ath0" also contains "+++ath", so the "DOS ath0" rule further
# down never fires without this one firing too.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS ath"; content:"+++ath"; nocase; itype: 8; reference:arachnids,264;) 
# Bidirectional (<>) and "any any" on the right-hand side: not limited to
# $HOME_NET. Matches a SYN with fixed sequence number and IP id.
alert tcp $EXTERNAL_NET any <> any any (msg:"DOS NAPTHA"; flags:S; seq: 6060842; id: 413; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg:"DOS Real Audio Server"; flags: A+; content: "|fff4 fffd 06|";reference:arachnids,411;) 
# NOTE(review): "7070,8080" is a comma-separated port list; confirm that the
# Snort version these rules target accepts that form in the rule header.
alert tcp $EXTERNAL_NET any -> $HOME_NET 7070,8080 (msg:"DOS Real Server template.html"; flags: A+; content:"/viewsource/template.html?"; nocase;reference:bugtraq,1288;) 
# Zero-length UDP datagram to the SNMP port.
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"DOS Bay/Nortel Nautica Marlin"; dsize:0; reference:bugtraq,1009;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS ath0"; content: "+++ath0"; nocase; itype: 8; reference:arachnids,264;) 
# Content bytes are ASCII "NAMENAME", searched between offset 25 and depth 50.
alert udp $EXTERNAL_NET any -> $HOME_NET 9 (msg:"DOS Ascend Route"; content: "|4e 41 4d 45 4e 41 4d 45|"; offset: 25; depth: 50; reference:cve,CVE-1999-0060; reference:arachnids,262;) 
# Size-only test: any segment to 617/tcp with more than 1445 payload bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:"DOS arkiea backup"; flags: A+; dsize: >1445; reference:arachnids,261;) 


# EXPLOIT RULES
# Updated: 03/15/2001
# -------------------
# Payload signatures: NOP-sled patterns for several CPU architectures and
# fixed byte strings from specific exploit payloads. They match known bytes,
# so a re-encoded payload will not be detected by these rules.

# "flags:PA" has no "+" modifier, so it requires exactly PSH+ACK; most other
# TCP rules in this file use "A+" (ACK plus any other flags).
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT solaris NOOP"; content:"|801c 4011 801c 4011 801c 4011 801c 4011|"; flags:PA; reference:arachnids,353;) 
# No flags option on this TCP rule, unlike most TCP rules in this file.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXPLOIT - Named tsig infoleak"; content: "|AB CD 09 80 00 00 00 01 00 00 00 00 00 00 01 00 01 20 20 20 20 02 61|"; reference:arachnids,482;) 
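# LPRng overflow payload on the printer port (515/tcp). The byte pattern must
# be enclosed in |...| to be matched as raw bytes; with "/" delimiters Snort
# compares against the literal ASCII text "/43 07 89 ..." and the rule cannot
# fire on the binary payload. The last eight bytes are ASCII "/bin/sh\n".
alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (msg:"EXPLOIT LPRng overflow"; flags: A+; content: "|43 07 89 5B 08 8D 4B 08 89 43 0C B0 0B CD 80 31 C0 FE C0 CD 80 E8 94 FF FF FF 2F 62 69 6E 2F 73 68 0A|"; reference:bugtraq,1712;) 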
# Service-specific overflow payloads and generic shellcode fragments.
# The content bytes below are ASCII "XXXX%.172u%300$n" (a format-string payload).
alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (msg:"EXPLOIT redhat 7.0 lprd overflow"; flags: A+; content:"|58 58 58 58 25 2E 31 37 32 75 25 33 30 30 24 6E|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT linux shellcode"; flags: A+; content: "|90 90 90 e8 c0 ff ff ff|/bin/sh"; reference:arachnids,342;) 
# NOTE(review): four-byte patterns tested against every UDP datagram on any
# port; expect false positives on binary or compressed payloads.
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 setuid 0"; content: "|b017 cd80|";reference:arachnids,436;) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 setgid 0"; content: "|b0b5 cd80|";reference:arachnids,437;) 
# NOP-sled signatures: a four-byte unit repeated four times (24 x 0x90 for x86).
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT hpux noop";flags: A+; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";reference:arachnids,359;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT sparc NOOP";flags: A+; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|"; reference:arachnids,345;) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 NOPS"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";reference:arachnids,362;) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT sparc NOOP"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|"; reference:arachnids,355;) 
# Six bytes: the two-byte sequence "eb 02" repeated three times.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 stealth noop";  flags:A+; content: "|eb 02 eb 02 eb 02|"; reference:arachnids,291;) 
# Several rules below share one msg per service (imapd, mountd) with different
# content; the msg alone does not say which payload variant matched.
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT x86 linux imapd overflow";flags: A+; content:"|eb34 5e8d 1E89 5e0b 31d2 8956 07|";reference:bugtraq,130; reference:cve,CVE-1999-0005;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT x86 linux imapd overflow";flags: A+; content:"|eb35 5E80 4601 3080 4602 3080 4603 30|";reference:bugtraq,130; reference:cve,CVE-1999-0005;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT x86 linux imapd overflow";flags: A+; content:"|eb38 5e89f389d880460120804602|"; reference:bugtraq,130; reference:cve,CVE-1999-0005;) 
# Destination is $SMTP rather than $HOME_NET; that variable must be defined in
# the Snort configuration that loads this file.
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"EXPLOIT x86 windows MailMax overflow";flags: A+; content:"|eb45 eb20 5bfc 33c9 b182 8bf3 802b|"; reference:cve,CVE-1999-0404;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 2766 (msg:"EXPLOIT nlps x86 solaris overflow";flags: A+; content:"|eb23 5e33 c088 46fa 8946 f589 36|";) 
alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"EXPLOIT ntalkd x86 linux overflow"; content:"|0103 0000 0000 0001 0002 02e8|";) 
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOIT x86 linux mountd overflow"; content:"|eb56 5E56 5656 31d2 8856 0b88 561e|"; reference:cve,CVE-1999-0002;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOIT x86 linux mountd overflow"; content:"|5eb0 0289 06fe c889 4604 b006 8946|"; reference:cve,CVE-1999-0002;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 6373 (msg:"EXPLOIT sco calserver overflow";flags: A+; content:"|eb7f 5d55 fe4d 98fe 4d9b|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 linux overflow";flags: A+; content:"|d840 cd80 e8d9 ffff ff|/bin/sh";) 
# NOTE(review): msg reads "EXPLOITx86" (no space), unlike the two mountd rules
# above; alert filters keyed on the msg text will treat it as a different alert.
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOITx86 linux mountd overflow"; content:"|eb40 5E31 c040 8946 0489 c340 8906|";reference:cve,CVE-1999-0002;) 
# NOTE(review): "reference:cve, CVE-1999-0005" has a space after the comma,
# unlike every other reference here; confirm the parser tolerates it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT x86 linux imapd overflow";flags: A+; content:"|eb58 5E31 db83 c308 83c3 0288 5e26|"; reference:bugtraq,130; reference:cve, CVE-1999-0005;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT x86 linux imapd overflow";flags: A+; content:"|89d8 40cd 80e8 c8ff ffff|/";reference:bugtraq,130; reference:cve,CVE-1999-0005;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap overflow";flags: A+; content:"|E8 C0FF FFFF|/bin/sh";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"EXPLOIT x86 linux samba overflow";flags: A+; content:"|eb2f 5feb 4a5e 89fb 893e 89f2|"; reference:cve,CVE-1999-0811; reference:cve,CVE-1999-0182;) 
# The content bytes are ASCII "echo netrjs stre".
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"EXPLOIT bootp x86 bsd overflow"; content:"|6563 686f 206e 6574 726a 7320 7374 7265|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 sco overflow";flags: A+; content:"|560e 31c0 b03b 8d7e 1289 f989 f9|";) 
# The three commented-out rules in this group contain hex groups with an odd
# number of digits ("08210", "5e0", "9fa", "800 1"), which cannot be read as
# whole bytes; presumably that is why they are disabled. Correct the hex
# before re-enabling any of them. The two active rules cover pop3/bsd and
# pop2/linux with different byte patterns.
#alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT hpux noop"; content:"|0821 0280 0821 0280 0821 0280 08210 0280|"; reference:arachnids,349;) 
#alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 bsd overflow";flags: A+; content:"|5e0 e31c 0b03 b8d7 e0e8 9fa 89f9|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 bsd overflow";flags: A+; content:"|685d 5eff d5ff d4ff f58b f590 6631|";) 
#alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"EXPLOIT pop2 x86 linux overflow";flags: A+; content:"|eb2c 5b89 d980 c106 39d9 7c07 800 1|";) 
# Content is ff ff ff followed by ASCII "/BIN/SH" and a NUL byte.
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"EXPLOIT pop2 x86 linux overflow";flags: A+; content:"|ffff ff2f 4249 4e2f 5348 00|";) 
# Client-side overflows, generic shellcode fragments and request-shape checks.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT IRC client overflow";flags: A+; content:"|eb 4b 5b 53 32 e4 83 c3 0b 4b 88 23 b8 50 77|"; reference:cve,CVE-1999-0672; reference:bugtraq,573;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT NextFTP client overflow";flags: A+; content:"|b420 b421 8bcc 83e9 048b 1933 c966 b910|"; reference:cve,CVE-1999-0671;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT qpopper overflow";flags: A+; content:"|E8 D9FF FFFF|/bin/sh";) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT sparc NOOP"; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 NOOP"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|"; flags: A+; reference:arachnids,181;) 
# NOTE(review): four-byte patterns on any TCP port; likely to match inside
# unrelated binary transfers.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 setgid 0"; content: "|b0b5 cd80|"; flags: A+; reference:arachnids,284;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 setuid 0"; content: "|b017 cd80|"; flags: A+; reference:arachnids,283;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT sparc setuid 0"; content: "|82102017 91d02008|"; flags: A+;reference:arachnids,282;) 
# Command string within the first 16 payload bytes plus a payload larger than
# 512 bytes: the size test is what separates an overflow from a normal login.
alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"EXPLOIT NNTP Cassandra Overflow"; flags: A+; content: "AUTHINFO USER"; nocase; dsize: >512; depth: 16; reference:arachnids,274;) 
# Destination is $SMTP; the variable must be defined by the loading config.
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"EXPLOIT sniffit overflow"; flags: A+; content: "from|3A 90 90 90 90 90 90 90 90 90 90 90|"; nocase; dsize: >512; reference:arachnids,273;) 
# NOTE(review): the only payload test is the request line "GET / HTTP/1.1",
# so every such request to 9090/tcp alerts, whatever its intent.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9090 (msg:"EXPLOIT VQServer admin"; flags: A+; content:"GET / HTTP/1.1"; nocase; reference:bugtraq,1610;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"EXPLOIT delegate proxy overflow"; content: "whois|3a|//"; nocase; flags: A+; dsize: >1000; reference:arachnids,267;) 
# The next two rules carry the same content in opposite directions: outbound
# to port 80 (request side) and inbound from port 80 (response side).
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXPLOIT netscape 4.7 unsucessful overflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: A+; reference:arachnids,214;) 
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7 client overflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: A+; reference:arachnids,215;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT digital unix noop"; flags: A+; content:"|47 ff  04 1f 47 ff  04 1f 47 ff  04 1f 47 ff 04 1f|"; reference:arachnids,361;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT sparc NOOP"; flags: A+; content:"|a61c c013 a61c c013 a61c c013 a61c c013|"; reference:arachnids,355;) 
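# bootp overflow payload sent to the BOOTP/DHCP server port (67/udp); the
# trailing content bytes are ASCII "/bin/sh" plus a NUL. Each reference takes
# the form "system,id", so the third entry is given the "cve," prefix that
# the first two already carry.
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"EXPLOIT bootp x86 linux overflow"; content:"|4139 30c0 a801 012f 6269 6e2f 7368 00|"; reference:cve,CVE-1999-0799; reference:cve,CAN-1999-0798; reference:cve,CAN-1999-0389;) 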
# More NOP-sled and shellcode signatures, mostly TCP/UDP pairs of the same
# byte pattern. All use "any" destination port, so they are evaluated against
# every inbound packet of that protocol.
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT solaris NOOP"; content:"|801c 4011 801c 4011 801c 4011 801c 4011|"; reference:arachnids,344;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT SGI noop";flags: A+; content:"|240f 1234 240f 1234 240f 1234 240f 1234|";) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT SGI noop"; content:"|240f 1234 240f 1234 240f 1234 240f 1234|"; reference:arachnids,357;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT SGI noop";flags: A+; content:"|03e0 f825 03e0 f825 03e0 f825 03e0 f825|"; reference:arachnids,356;) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT hpux noop"; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|"; reference:arachnids,350;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT hpux noop";flags: A+; content:"|0821 0280 0821 0280 0821 0280 0821 0280|"; reference:arachnids,358;) 
# NOTE(review): "CVE-1999-004" has only three digits after the year and is not
# a well-formed CVE id; verify the intended identifier against the advisory.
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|e8c0 ffff ff|/bin/sh"; reference:arachnids,147; reference:cve,CVE-1999-004;) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT digital unix noop"; content:"|47 ff 04 1f 47 ff 04 1f 47 ff 04 1f 47 ff 04 1f|"; reference:arachnids,352;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT aix noop";flags: A+; content:"|4fff fb82 4fff fb82 4fff fb82 4fff fb82|";) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT aix noop"; content:"|4fff fb82 4fff fb82 4fff fb82 4fff fb82|";) 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT linux shellcode"; content:"|90 90 90 e8 c0 ff ff ff|/bin/sh";  reference:arachnids,343;) 
# Sixteen 0x90 bytes over UDP.
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT x86 NOOP"; content:"|9090 9090 9090 9090 9090 9090 9090 9090|"; reference:arachnids,181;) 


# FINGER RULES
# Updated: 03/15/2001
# -------------------
# Inbound requests to the finger service (79/tcp). Most content tests are one
# to six bytes with no offset/depth, so they match anywhere in the request and
# several rules overlap; treat the alerts as reconnaissance indicators and
# tune or suppress them where finger is deliberately exposed.

alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER backdoor";flags: A+; content:"cmd_rootsh";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER account enumeration";flags: A+; content:"a b c d e f"; nocase;) 
# "search" and "root" are matched case-sensitively (no nocase) as substrings,
# so a query for a longer name containing either string also alerts.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER search attempt";flags: A+; content:"search";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER root";flags: A+; content:"root";reference:arachnids,376;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER null"; flags: A+; content:"|00|";reference:arachnids,377;) 
# NOTE(review): content "0" matches any request containing the digit zero.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER probe0 attempt";flags: A+; content:"0";reference:arachnids,378;) 
# |3b| is ";" and |7c| is "|", written in hex in the next two rules.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER pipew attempt";flags: A+; content:"/W|3b|";reference:arachnids,379;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER pipe attempt"; flags: A+; content:"|7c|";reference:arachnids,380;) 
# "@@" and "@localhost\n" both contain "@", so the "FINGER redirection" rule
# below fires together with either of the next two rules.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER bomb attempt";flags: A+; content:"@@";reference:arachnids,382;) 
# Content is ASCII "@localhost" plus newline; dsize 11 requires the payload to
# be exactly that string.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER cybercop redirection"; flags: A+; content: "|40 6C 6F 63 61 6C 68 6F 73 74 0A|"; dsize: 11; depth: 11; reference:arachnids,11;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER redirection"; content: "@"; flags: A+; reference:arachnids,251;) 
# Newline followed by five spaces within the first 10 bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER cybercop query"; content: "|0A 20 20 20 20 20|"; flags: A+; depth: 10; reference:arachnids,132; reference:cve,CVE-1999-0612;) 
# |300A| is "0" + newline and |2E0A| is "." + newline. Despite the "@host" in
# the msg, neither content string contains "@".
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER 0@host";flags: A+; content:"|300A|";reference:arachnids,131;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER .@host";flags: A+; content:"|2E0A|";reference:arachnids,130; reference:cve,CVE-1999-0612;) 


# FTP RULES
# Updated: 03/15/2001
# -------------------
# Inbound traffic to the FTP control port (21/tcp): exploit payload bytes and
# suspicious command strings. The command rules match per packet on 21/tcp
# only, so they do not cover FTP servers on other ports.

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT wu-ftpd 2.6.0 tf8"; flags: A+; content: "|31C0 31DB 31C9 B046 CD80 31C0 31DB 43 89D941 B03F CD80|"; reference:arachnids,458;) 
# ".%20." is a URL-style encoding of ". ."; the msg says "transversal".
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP serv-u directory transversal"; flags: A+; content: ".%20."; nocase;) 
# "SITE EXEC " followed by bytes that decode to "%020d|%.f%.f|" and a newline,
# within the first 32 bytes. The generic "FTP site exec" rule further down
# matches the same packets.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT format string"; flags: A+; content: "SITE EXEC |25 30 32 30 64 7C 25 2E 66 25 2E 66 7C 0A|"; depth: 32; nocase; reference:arachnids,453;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT solaris 2.8 format string"; flags: A+; content: "|901BC00F 82102017 91D02008|";reference:arachnids,451;) 
# NOTE(review): the content string starts with a literal space before the
# first "|"; confirm that the space is part of the intended pattern.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT openbsd ftpd"; flags: A+; content: " |90 31 C0 99 52 52 B017 CD80 68 CC 73 68|";reference:arachnids,446;) 
# |2e2e3131| is ASCII "..11", followed by the literal text "venglin@".
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT wu-ftpd 2.6.0"; flags: A+; content: "|2e2e3131|venglin@";reference:arachnids,440;) 
# ".forward" is case-sensitive; the three command rules after it use nocase.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP .forward"; content: ".forward"; flags: A+;reference:arachnids,319;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP pass wh00t"; content: "pass wh00t"; nocase; flags: A+; reference:arachnids,324;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP site exec"; content: "site exec"; nocase; flags: A+; reference:arachnids,317;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP CWD ~root"; content: "cwd ~root"; nocase; flags: A+;reference:arachnids,318;) 
# NOTE(review): these 14 bytes are the leading bytes of the "wu-ftpd 2.6.0 tf8"
# pattern at the top of this section, so a packet matching that rule matches
# this one as well.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT wu-ftpd 2.6.0 linux overflow"; content: "|31c031db 31c9b046 cd80 31c031db|"; flags: A+; reference:arachnids,287;) 
