
📄 webiis-lib

📁 该源码是用C语言编写的,实现网络入侵检测系统的功能
# $Id: webiis-lib,v 1.2 2000/11/18 08:25:04 roesch Exp $

# IIS web-attack signatures. Every rule in this group alerts on TCP traffic
# from $EXTERNAL_NET (any source port) to $HOME_NET port 80 that carries the
# PSH+ACK flag test (flags:PA) and contains the listed content string(s).
#
# Review notes for anyone deploying or porting these rules:
#  - Only destination port 80 is covered; a web server listening on another
#    port is not inspected by this file.
#  - flags:PA is written without a modifier. NOTE(review): on engines where
#    an unmodified flags test means "exactly these flags", segments carrying
#    the same payload with a different flag mix are not examined - confirm
#    against the Snort version in use.
#  - content is a byte-string match on the packet payload; nothing here
#    decodes URL escapes or reassembles a request split across segments, so
#    coverage depends on whatever normalisation the sensor does before the
#    rules run (TODO confirm preprocessor configuration).
#  - No rule carries an id, revision or reference option, so alerts can only
#    be told apart by their msg text.

# The next two rules have no nocase option, so the match is case-sensitive.
# The second pattern also includes the literal " HTTP/1.0" request suffix.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Attempt to retrieve ASP contents"; flags:PA; content:"GET /null.htw?CiWebHitsFile";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Attempt to retrieve ASP contents"; flags:PA; content:"%20&CiRestriction=none&CiHiliteType=Full HTTP/1.0";) 
# Matches five literal "%20" sequences followed by ".htr".
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-IIS ISM.DLL Exploit Attempt"; flags:PA; content:"%20%20%20%20%20.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-getdrvrs";flags:PA; content:"scripts/tools/getdrvrs.exe"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-cmd?";flags:PA; content:".cmd?&"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CVE-1999-0449 - IIS-codebrowser Exair";flags:PA; content:"iissamples/exair/howitworks/codebrws.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-codebrowser SDK";flags:PA; content:"iissamples/sdk/asp/docs/codebrws.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-ctguestb.idc";flags:PA; content:"scripts/samples/ctguestb.idc"; nocase;) 
# |3a| is the hex byte for ':' inside the content string.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-del";flags:PA; content:"&del+/s+c|3a|\*.*"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-details.idc";flags:PA; content:"scripts/samples/details.idc"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-CGImail";flags:PA; content:"scripts/CGImail.exe"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-fpcount";flags:PA; content:"scripts/fpcount.exe"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-bdir";flags:PA; content:"scripts/iisadmin/bdir.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-idc-srch";flags:PA; content:"#filename=*.idc"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-iisadmpwd";flags:PA; content:"iisadmpwd/aexp3.htr"; nocase;) 
# |3a3a| is "::", so the pattern is ".idc::$data". The msg text reads "isc",
# presumably a typo for "idc"; left unchanged because msg is alert output.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-isc$data";flags:PA; content:".idc|3a3a|$data"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-exec-srch";flags:PA; content:"#filename=*.exe"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-admin-dll-serv";flags:PA; content:"scripts/iisadmin/ism.dll?http/serv"; nocase;) 
# The asterisk is a literal byte here. "*.idc" is a substring of the
# "#filename=*.idc" pattern above, so the two rules overlap.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-*.idc";flags:PA; content:"*.idc"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-_Site Server Config";flags:PA; content:"adsamples/config/site.csc"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-_vti_inf";flags:PA; content:"_vti_inf.html"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-adctest.asp";flags:PA; content:"msadc/samples/adctest.asp"; nocase;) 
# "scripts/iisadmin" is a prefix of the bdir.htr, ism.dll and default.htm
# patterns in this group. NOTE(review): if the engine stops at the first
# matching rule, the more specific ism.dll?http/dir and default.htm rules
# placed after this one would never fire - confirm evaluation order.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-admin";flags:PA; content:"scripts/iisadmin"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-catalog_type";flags:PA; content:"AdvWorks/equipment/catalog_type.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-admin-dll";flags:PA; content:"scripts/iisadmin/ism.dll?http/dir"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-msadc/msadcs.dll";flags:PA; content:"msadc/msadcs.dll"; nocase;) 
# |3a3a| is "::", so the pattern is ".asp::$data".
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CVE-1999-0278 - IIS-asp$data";flags:PA; content:".asp|3a3a|$data"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-asp-dot";flags:PA; content:".asp."; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-asp-srch";flags:PA; content:"#filename=*.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-bat?";flags:PA; content:".bat?&"; nocase;) 
# Keys on a specific filler string ("BBBB") with no space before "HTTP".
# NOTE(review): this looks tied to one particular tool's request layout
# rather than to the overflow condition itself - verify before relying on it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-Overflow-htr";flags:PA; content:"BBBB.htrHTTP"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-carbo.dll";flags:PA; content:"carbo.dll"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-admin-default";flags:PA; content:"scripts/iisadmin/default.htm"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-aexp.htr Attempt";flags:PA; content:"iisadmpwd/aexp.htr"; nocase;) 
# Two content options: both strings must be present in the payload.
# Neither has nocase, so both matches are case-sensitive.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB IIS - Index Server File Sourcecode Request"; flags:PA; content:"?CiWebHitsFile=/"; content:"&CiRestriction=none&CiHiliteType=Full";) 
# |25 31 75| is the three ASCII bytes "%1u". NOTE(review): a three-byte,
# case-sensitive pattern on all port-80 payloads is likely to be noisy -
# confirm the false-positive rate before enabling.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS200 - Web-IIS Encoding"; flags:PA; content: "|25 31 75|";) 
# nocase appears once, after the second content option. NOTE(review):
# whether it also applies to "fpcount.exe" depends on the engine version.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS - Possible Attempt at FPCOUNT.EXE DoS"; flags:PA; content:"fpcount.exe"; content:"Digits=-"; nocase;) 
# Connection-attempt rules: each alerts on a TCP segment with the SYN flag
# test (flags:S) from an $EXTERNAL_NET source port of 1024 or higher to the
# listed $HOME_NET destination port or port range. There is no content
# option, so no payload is examined; any matching connection attempt to
# these ports raises the alert.
#
# NOTE(review): the port-to-service mapping in the msg text (INETINFO.EXE,
# DNS.EXE, WINS.EXE, TCPSVCS.EXE) is presumably where those services were
# seen listening on the author's hosts; the ports sit in the dynamically
# assigned range, so verify against the protected hosts before trusting the
# service name in an alert. Expect these to be noisy on networks where
# external clients legitimately reach high ports.
# The msg prefix is "IIS" even for the DNS, WINS and TCPSVCS rules.
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1031:1035 (msg:"IIS - Possible Attempt at NT INETINFO.EXE 100% CPU Utilization"; flags:S;) 
# The next two rules carry an identical msg and differ only in destination
# port (1029 vs 1091), so their alerts cannot be told apart by msg alone.
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1029 (msg:"IIS - Possible Attempt at NT DNS.EXE 100% CPU Utilization"; flags:S;) 
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1091 (msg:"IIS - Possible Attempt at NT DNS.EXE 100% CPU Utilization"; flags:S;) 
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1043 (msg:"IIS - Possible Attempt at NT WINS.EXE 100% CPU Utilization"; flags:S;) 
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1038 (msg:"IIS - Possible Attempt at NT TCPSVCS.EXE 100% CPU Utilization"; flags:S;) 
# Further IIS request signatures: each rule alerts on TCP traffic from
# $EXTERNAL_NET (any source port) to $HOME_NET port 80 with the flags:PA
# test and a payload containing the listed content string. All use nocase
# except the search97.vts rule. Patterns are literal byte strings; nothing
# in these rules decodes URL escapes, so a rule that looks for an encoded
# form (for example "%2e.asp") matches only that exact spelling.
# NOTE(review): where the engine offers URI-normalised matching, these
# path-based signatures are candidates for it - confirm what is available.

# This file also has a rule for "scripts/tools/getdrvrs.exe" (with an "r").
# NOTE(review): one of the two spellings is presumably a typo - verify.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-getdrvs.exe";flags:PA; content:"scripts/tools/getdrvs.exe"; nocase;) 
# The CAN-1999-0407 rules each match one literal .htr file name under
# iisadmpwd/; a file name in that directory that is not listed is not covered.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-anot3.htr Attempt";flags:PA; content:"iisadmpwd/anot3.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-anot.htr Attempt";flags:PA; content:"iisadmpwd/anot.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-aexp4b.htr Attempt";flags:PA; content:"iisadmpwd/aexp4b.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-aexp4.htr Attempt";flags:PA; content:"iisadmpwd/aexp4.htr"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-MSProxy";flags:PA; content:"scripts/proxy/w3proxy.dll"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0736 - IIS-showcode";flags:PA; content:"/selector/showcode.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CVE-1999-0191 - IIS-newdsn";flags:PA; content:"scripts/tools/newdsn.exe"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-perl";flags:PA; content:"scripts/perl?"; nocase;) 
# These two match the literal text "%0a.pl" and "%20.pl", i.e. the
# percent-encoded form as it appears on the wire.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-perl-browse0a";flags:PA; content:"%0a.pl"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-perl-browse20";flags:PA; content:"%20.pl"; nocase;) 
# Five-byte pattern matched anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-SAM Attempt";flags:PA; content:"sam._"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-aexp2b.htr Attempt";flags:PA; content:"iisadmpwd/aexp2b.htr"; nocase;) 
# No nocase here, so "search97.vts" is matched case-sensitively.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-search97";flags:PA; content:"search97.vts";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0407 - IIS-aexp2.htr Attempt";flags:PA; content:"iisadmpwd/aexp2.htr"; nocase;) 
# The msg says "srch.asp" but the pattern matched is "/issamples/query.asp".
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-srch.asp";flags:PA; content:"/issamples/query.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-srch.htm";flags:PA; content:"samples/isapi/srch.htm"; nocase;) 
# Bare seven-character token with no path context; matches wherever
# "srchadm" appears in the payload.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-srchadm";flags:PA; content:"srchadm"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-uploadn";flags:PA; content:"scripts/uploadn.asp"; nocase;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-achg.htr Attempt";flags:PA; content:"iisadmpwd/achg.htr"; nocase;) 
# Matches the literal text "%2e.asp" (nocase also accepts "%2E").
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CAN-1999-0253 - IIS-%2E-asp";flags:PA; content:"%2e.asp"; nocase;) 
# |20| is a space byte: the pattern is "scripts/" followed by a space.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IIS-scripts-browse";flags:PA; content:"scripts/|20|"; nocase;) 
