# $Id: webmisc-lib,v 1.2 2000/11/18 08:25:04 roesch Exp $
# Web-server probe signatures. Every rule in this run alerts on TCP traffic
# from $EXTERNAL_NET (any source port) to $HOME_NET port 80 whose payload
# contains the quoted substring; `nocase` makes that match case-insensitive.
#
# Coverage caveats to keep in mind when deploying or porting these rules:
# - `content` is a literal byte match on the payload. A request whose path is
#   encoded differently, or that is split across segments, is only seen if a
#   preprocessor normalises / reassembles the traffic first.
# - `flags:PA` ties the match to segments flagged PSH+ACK, so request data
#   carried in segments with other flag combinations is not inspected. Later
#   Snort versions express the same intent with flow:to_server,established.
# - The destination port is fixed at 80; web servers in $HOME_NET listening
#   on other ports are not covered.
# - No rule carries sid, rev, classtype or reference, so alerts can only be
#   told apart by their msg text.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - /cgi-bin/jj attempt"; content:"cgi-bin/jj"; nocase; flags:PA; )
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - architext_query.pl attempt"; content:"/ews/architext_query.pl"; nocase; flags:PA;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - wwwboard.pl attempt"; content:"cgi-bin/wwwboard.pl"; nocase; flags:PA; )
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - Cart 32 AdminPwd Access"; flags:PA; content:"c32web.exe/ChangeAdminPassword"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-PageService";flags:PA; content:"?PageServices"; nocase;)
# "etc/passwd" is matched anywhere in the payload, not only in the request
# line, so headers or bodies that mention the path also raise the alert.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-etc/passwd";flags:PA; content:"etc/passwd"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ICQ webserver";flags:PA; content:".html/......"; nocase;)
# Lotus document actions: these query strings are matched without checking
# who is asking, so a site that uses them legitimately will alert on them.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Lotus-DelDoc";flags:PA; content:"?DeleteDocument"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Lotus-EditDoc";flags:PA; content:"?EditDocument"; nocase;)
# Matches the command text only in this one encoding (space written as %20).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ls%20-l";flags:PA; content:"ls%20-l"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-mlog";flags:PA; content:"mlog.phtml?"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-mylog";flags:PA; content:"mylog.phtml?"; nocase;)
# NOTE(review): the msg below is reused verbatim by the config/import.txt rule
# later in this file; with no sid the two alerts are indistinguishable.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Ecommerce-import.txt";flags:PA; content:"orders/import.txt"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-OReilly win-c-sample.exe";flags:PA; content:"cgi-shl/win-c-sample.exe"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Ecommerce-check.txt";flags:PA; content:"config/check.txt"; nocase;)
# Keyed to the GET method followed by one space and a double slash; the same
# path requested with another method does not match this pattern.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-prefix-get //";flags:PA; content:"get //"; nocase;)
# Directory-level and bare-filename patterns: these fire on any request that
# mentions the name, so expect alerts from ordinary use where the software is
# actually installed.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-webcart";flags:PA; content:"/webcart/"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-AuthChangeUrl";flags:PA; content:"_AuthChangeUrl?"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-convert.bas Attempt";flags:PA; content:"scripts/convert.bas"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-OReilly args.bat";flags:PA; content:"cgi-dos/args.bat"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-count.cgi";flags:PA; content:"count.cgi"; nocase;)
# Path-manipulation and sensitive-file signatures on port 80. Patterns between
# |...| are hex bytes; the decoded text is given above each such rule. All
# matches are literal, so only the exact byte sequence shown is detected.
#
# |2e2e5c2e2e| decodes to ..\.. (backslash form); msg cites CAN-1999-0229.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0229 - IIS WEB-..\..";flags:PA; content:"|2e2e5c2e2e|";)
# |2f2e2e2e2e| decodes to a slash followed by four dots.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-/....";flags:PA; content:"|2f2e2e2e2e|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-///cgi-bin";flags:PA; content:"///cgi-bin"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-~root";flags:PA; content:"~root"; nocase;)
# |2f2f2f2f2f2f2f2f| is eight consecutive slashes; the rule fires once per
# matching packet and carries no threshold on how many slashes follow.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ApacheDOS";flags:PA; content:"|2f2f2f2f2f2f2f2f|";)
# Matches the command text only in this one encoding (space written as %20).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-cat%20";flags:PA; content:"cat%20"; nocase;)
# NOTE(review): same msg as the earlier orders/import.txt rule; with no sid
# the two alerts cannot be told apart.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Ecommerce-import.txt";flags:PA; content:"config/import.txt"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-cgi-bin///";flags:PA; content:"cgi-bin///"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-cpshost.dll Attempt";flags:PA; content:"scripts/cpshost.dll"; nocase;)
# Domino database names. "log.nsf" is a suffix of both "catalog.nsf" and
# "domlog.nsf", so a request for either of those raises the WEB-Domino-log.nsf
# alert as well; triage should treat the pair as one event.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Domino-catalog.nsf";flags:PA; content:"catalog.nsf"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Domino-domcfg.nsf";flags:PA; content:"domcfg.nsf"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Domino-domlog.nsf";flags:PA; content:"domlog.nsf"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Domino-log.nsf";flags:PA; content:"log.nsf"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Domino-names.nsf";flags:PA; content:"names.nsf"; nocase;)
# NOTE(review): msg names ".wwwacl" but the pattern is "secure/wwwacl" with no
# dot, which would not match a request for secure/.wwwacl - confirm which
# path is intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-.wwwacl";flags:PA; content:"secure/wwwacl"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-Ecommerce-checks.txt";flags:PA; content:"orders/checks.txt"; nocase;)
# Four-byte pattern with no anchoring; it matches wherever "cd.." appears in
# the payload.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-cd..";flags:PA; content:"cd.."; nocase;)
# Two content patterns, both of which must be present. NOTE(review): in Snort
# versions where `nocase` modifies only the content immediately before it, the
# script name here is matched case-sensitively - confirm for the deployed
# version. The second pattern, "mail", is short and matches anywhere.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"MISC WEB - BizDB Script Exploit"; flags:PA; content:"bizdb1-search.cgi"; content:"mail"; nocase;)
# Literal match on one specific traversal string; other depths or separators
# are left to the generic ../.. and ..\.. rules in this file.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-cmd.exe Attempt";flags:PA; content:"scripts/../../cmd.exe"; nocase;)
# Advisory-tagged signatures on port 80. The advisory identifier appears only
# inside msg; there is no reference option, so tooling cannot extract it as a
# structured field.
#
# Several rules in this file share the msg "BUGTRAQ ID 1063 - Netscape
# Enterprise Server Directory View" and differ only in the ?wp-* tag matched.
# The IDS270 rule below matches the bare prefix "?wp-", so every one of those
# requests raises two alerts.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-html-rend"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1057 - Trend Micro OfficeScan Access"; flags:PA; content:"officescan/cgi/jdkRqNotify.exe?"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1053 - Oracle Web Listener Batch Access"; flags:PA; content:"ows-bin/&"; nocase;)
# Two content patterns, both required. NOTE(review): in Snort versions where
# `nocase` modifies only the content immediately before it, the first pattern
# in each of the next two rules is case-sensitive - confirm for the deployed
# version.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1052 - Sojourn File Access"; flags:PA; content:"/sojourn.cgi?cat="; content:"%00"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1031 - SGI InfoSearch fname Access"; flags:PA; content:"infosrch.cgi?"; content:"fname="; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-stop-ver"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"MISC WEB - SalesLogix Eviewer Web Shutdown"; flags:PA; content:"/slxweb.dll/admin?command="; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-start-ver";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"MISC WEB - Netscape PublishingXpert 2 Exploit"; flags:PA; content:"/PSUser/PSCOErrPage.htm?"; nocase;)
# The next two rules have no flags option, unlike the rest of the file, so
# they are evaluated against packets with any TCP flag combination.
# NOTE(review): the same `nocase` scoping question applies to the two-content
# windmail rule, and its second pattern "mail" is already contained in the
# first ("windmail.exe?-n") when matched case-insensitively.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - windmail.exe Access Detected"; content:"windmail.exe?-n"; content:"mail"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - Webplus Access Detected"; content:"webplus?script"; nocase;)
# Prefix match covering all ?wp-* tags (see the duplicate-alert note above).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "IDS270 - WEB MISC - Netscape dir index wp"; flags:PA; content: "?wp-"; nocase;)
# NOTE(review): no `nocase` here, so only the lower-case spelling
# "passwd.php3" matches - confirm that is intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS272 - Piranha Passwd.php3"; flags:PA; content: "passwd.php3";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC - Novell Groupwise gwweb.exe access"; flags:PA; content:"GWWEB.EXE?HELP="; nocase;)
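# Access to the rpm_query CGI under cgi-bin on port 80 (msg cites BUGTRAQ ID
# 1036). The pattern is spelled "rpm_query" to agree with the script named in
# msg; the transposed spelling "rmp_query" would not occur in a request for
# that script, leaving the rule unable to fire on it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1036 - Caldera OpenLinux rpm_query Access"; flags:PA; content:"cgi-bin/rpm_query"; nocase;)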
# Remaining web signatures. Most target port 80; two rules cover other ports
# (457 and 2301) and are called out below. `flags: AP` names the same two TCP
# flags (ACK, PSH) as the `flags:PA` spelling used elsewhere in the file.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS258 - Web cgi get32.exe"; flags:PA; content: "get32.exe"; nocase;)
# Matches any payload mentioning ".htaccess", whether or not the server would
# actually serve the file.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC-.htaccess";flags:PA; content:".htaccess"; nocase;)
# Destination port 457, not 80. The pattern is one fixed 16-byte binary
# sequence, so the rule recognises that specific payload rather than the
# overflow condition itself; a differing byte sequence is not detected.
alert tcp $EXTERNAL_NET any -> $HOME_NET 457 (msg:"IDS180 - WEB-netscape-overflow-unixware"; flags: AP; content: "|eb 5f 9a ff ff ff ff 07 ff c3 5e 31 c0 89 46 9d|";)
# Phorum rules: admin.php3, code.php3, read.php3 and violation.php3 are
# matched as bare filenames, so any application using the same names alerts.
# The Auth rule matches one specific PHP_AUTH_USER value only.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS205 - WEB-MISC - Phorum Admin"; flags: AP; content:"admin.php3"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS206 - WEB-MISC - Phorum Auth"; flags: AP; content:"PHP_AUTH_USER=boogieman"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS207 - WEB-MISC - Phorum Code"; flags: AP; content:"code.php3"; nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS208 - WEB-MISC - Phorum Read"; flags: AP; content:"read.php3"; nocase;)
# One of several rules sharing the BUGTRAQ ID 1063 msg; each also triggers the
# IDS270 "?wp-" prefix rule earlier in the file, giving two alerts per request.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-uncheckout"; nocase;)
# Destination port 2301. No flags option, and the three-byte pattern "../" is
# matched anywhere in the payload, so this is the broadest rule in the file.
alert tcp $EXTERNAL_NET any -> $HOME_NET 2301 (msg:"IDS244 - CVE-1999-0771 - Compaq-insight-dot-dot"; content: "../";)
# |2e2e2f2e2e| decodes to ../.. (forward-slash form).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-../..";flags:PA; content:"|2e2e2f2e2e|";)
# Pattern is "cgitest.exe", then CR LF (|0d0a|), then "user". `offset: 4`
# starts the search four bytes into the payload. NOTE(review): offset is
# written after flags rather than directly after content - confirm the
# deployed Snort version still binds it to this content.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS265 - Web cgi cgitest"; content: "cgitest.exe|0d0a|user"; nocase; flags: AP; offset: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-cs-dump";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-ver-info";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-usr-prop";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-ver-diff";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"BUGTRAQ ID 1063 - Netscape Enterprise Server Directory View"; flags:PA; content:"?wp-verify-link";nocase;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS209 - WEB-MISC - Phorum Violation"; flags: AP; content:"violation.php3"; nocase;)