
📄 rule.xml

📁 A lightweight intrusion detection system with some ability to defend against shellcode in web pages
💻 XML
📖 Page 1 of 5
<?xml version="1.0"?>
<rules>
<!--backdoor rules-->
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>double</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|48 41 43 4B 00 00|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <content><payload>windows</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content>
  <msg>huigezi2006 trojan ativity found</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>27374</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|0D 0A 5B 52 50 4C 5D 30 30 32 0D 0A|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR subseven 22</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>16959</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>PWD</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR subseven DEFCON8 2.1 access</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>1024</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>NetBus</payload><offset></offset><depth>6</depth><distance></distance><nocase>true</nocase></content>
  <msg>BACKDOOR netbus active</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>12345</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|47 65 74 49 6E 66 6F 0D|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR netbus getinfo</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>20034</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|42 4E 10 00 02 00|</payload><offset></offset><depth>6</depth><distance></distance><nocase></nocase></content>
  <content><payload>|05 00|</payload><offset>8</offset><depth>2</depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR NetBus Pro 2.0 connection established</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>Ahhhh My Mouth Is Open</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR DeepThroat 3.1 Server Response</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>6789</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>Wtzup Use</payload><offset></offset><depth>32</depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Doly 2.0 access</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>1015</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>Connected.</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Doly 1.5 server response</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>2589</srcport><dstport>1024</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|32 00 00 00 06 00 00 00 44 72 69 76 65 73 24 00|</payload><offset></offset><depth>16</depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Doly 1.5 server response</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>7597</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>qazwsx.hsq</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR QAZ Worm Client Login access</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>146</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>WHATISIT</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Infector.1.x</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>666</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>Remote:</payload><offset></offset><depth>11</depth><distance></distance><nocase>true</nocase></content>
  <content><payload>You are connected to me.</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content>
  <content><payload>Remote: Ready for commands</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content>
  <msg>BACKDOOR SatansBackdoor.2.0.Beta</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>146</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>FC </payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Infector 1.6 Client to Server Connection Request</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>31785</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>host</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR HackAttack 1.20 Connect</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>5401</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|63 3A 5C|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR BackConstruction 2.1 Connection</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>666</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>FTPON</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR BackConstruction 2.1 Client FTP Open Request</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>666</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>FTP Port open</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR BackConstruction 2.1 Server FTP Open Reply</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>3344</srcport><dstport>3345</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>activate</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Matrix 2.0 Client connect</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>3345</srcport><dstport>3344</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>logged in</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR Matrix 2.0 Server access</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>5714</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags>18</flags><seq></seq><ack></ack><windows></windows>
  <content><payload>|B4 B4|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR WinCrash 1.0 Server Active</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>79</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>ypi0ca</payload><offset></offset><depth>15</depth><distance></distance><nocase>true</nocase></content>
  <msg>BACKDOOR CDK</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>555</srcport><dstport>any</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>phAse zero server</payload><offset></offset><depth>17</depth><distance></distance><nocase>true</nocase></content>
  <msg>BACKDOOR PhaseZero Server Active on Network</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>23</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>w00w00</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR w00w00 attempt</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>23</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>backdoor</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content>
  <msg>BACKDOOR attempt</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>23</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>r00t</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR MISC r00t attempt</msg>
</rule>
<rule>
  <proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>23</dstport><direction>single</direction>
  <ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows>
  <content><payload>rewt</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content>
  <msg>BACKDOOR MISC rewt attempt</msg>
</rule>
<rule>
