# $Id: overflow-lib,v 1.3 2000/11/18 08:25:04 roesch Exp $
# Buffer overflows go here!
# Service-specific overflow signatures (inbound, $EXTERNAL_NET -> $HOME_NET).
# Option notes for this group:
#   content:"|..|"  - bytes between pipes are hex; text outside pipes is literal ASCII.
#   flags:PA / AP   - no modifier is given, so the TCP flags must be exactly PSH+ACK;
#                     the same payload sent with another flag combination is not matched.
#   dsize:>N        - payload longer than N bytes.
#   depth:N         - content is searched only in the first N payload bytes.
#   nocase          - content is compared case-insensitively.
# Most contents are fixed byte strings, so each rule recognises one specific
# payload rather than the underlying flaw; a non-match is not evidence of safety.
# NOTE(review): the content match is applied to each packet's payload, so a payload
# split across segments may be missed unless stream reassembly is enabled - confirm
# for the deployed sensor.

# Destination is a port range (32771 through 34000); also requires a payload over 999 bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"IDS242 - RPC ttdbserv Solaris Overflow"; content: "|C0 22 3F FC A2 02 20 09 C0 2C 7F FF E2 22 3F F4|"; flags: AP; dsize: >999;)
# Oversized (over 512 bytes) "AUTHINFO USER" command, any letter case, within the first 16 bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"IDS274 - NNTP Cassandra Overflow"; flags:PA; content: "AUTHINFO USER"; nocase; dsize: >512; depth: 16;)
# The four hex bytes are the ASCII characters space, '/', '%', '%'.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS275 - Cisco Web Crash"; flags:PA; content: "|20 2F 25 25|"; depth: 16;)
# Literal "from" followed by ':' and eleven 0x90 bytes, in a payload over 512 bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"IDS273 - Sniffit overflow"; flags:PA; content: "from|3A 90 90 90 90 90 90 90 90 90 90 90|"; nocase; dsize: >512;)
# UDP rule: there is no flags option because flags applies to TCP only.
alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"OVERFLOW-x86-linux-ntalkd"; content:"|0103 0000 0000 0001 0002 02e8|";)
# NOTE(review): same header and content as the later "OVERFLOW-FTP-1!" rule; the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-generic1";flags:PA; content:"|5057 440A 2F69|";)
# NOTE(review): same header and content as the later "OVERFLOW-FTP-2!" rule; the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-generic2";flags:PA; content:"|5858 5858 582F|";)
# NOTE(review): the next two rules carry the same 14 bytes, only spaced differently,
# with the same header; they differ only in msg.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-x86linux-adm";flags:PA; content:"|31 c0 31 db b0 17 cd 80 31 c0 b0 17 cd 80|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-x86linux-duke";flags:PA; content:"|31c0 31db b017 cd80 31c0 b017 cd80|";)
# Plain ASCII match without nocase: only this exact upper-case spelling is matched,
# and it will also fire on any FTP session that sends this text legitimately.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-x86linux-sekure";flags:PA; content:"MKD AAAAAA";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-x86linux-smiler";flags:PA; content:"|31db 89d8 b017 cd80 eb2c|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-x86linux-wh0a";flags:PA; content:"|83 ec 04 5e 83 c6 70 83 c6 28 d5 e0 c0|";)
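# Fixed: the content was written without the |...| hex delimiters, so the rule
# searched for the literal ASCII text "eb53 eb20 ..." instead of the 14 raw bytes
# and could not match a binary payload. Every other byte signature in this file
# uses the pipe-delimited form; this rule now does too.
# flags:PA has no modifier, so the TCP flags must be exactly PSH+ACK.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"OVERFLOW-x86-windows-CSMMail";flags:PA; content:"|eb53 eb20 5bfc 33c9 b182 8bf3 802b|";)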
# NOTE(review): same header and content as the earlier "OVERFLOW-FTP-generic2" rule; the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-2!";flags:PA; content:"|5858 5858 582F|";)
# Fixed-byte signatures for listener port 2766 and IMAP (143/tcp). flags:PA has no
# modifier, so the TCP flags must be exactly PSH+ACK.
alert tcp $EXTERNAL_NET any -> $HOME_NET 2766 (msg:"OVERFLOW-x86-solaris-nlps";flags:PA; content:"|eb23 5e33 c088 46fa 8946 f589 36|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-x86-linux-imapd5";flags:PA; content:"|eb35 5E80 4601 3080 4602 3080 4603 30|";)
# DNS signatures below are TCP-only (53/tcp); this group has no 53/udp counterpart,
# so the same bytes arriving over UDP are not inspected by these rules.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-sparc";flags:PA; content:"|90 1a c0 0f 90 02 20 08 92 02 20 0f d0 23 bf f8|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-x86freebsd-rotsb";flags:PA; content:"|eb6e 5ec6 069a 31c9 894e 01c6 4605|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-x86linux-ADMv2";flags:PA; content:"|89f7 29c7 89f3 89f9 89f2 ac3c fe|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-x86linux-ADMv3";flags:PA; content:"|31 c0 b0 02 cd 80 85 c0 75 4c eb 4c 5e b0|";)
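# Fixed: the content was written without the |...| hex delimiters, so the rule
# searched for the literal ASCII text "eb45 eb20 ..." instead of the 14 raw bytes
# and could not match a binary payload. Every other byte signature in this file
# uses the pipe-delimited form; this rule now does too.
# flags:PA has no modifier, so the TCP flags must be exactly PSH+ACK.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"OVERFLOW-x86-windows-MailMax";flags:PA; content:"|eb45 eb20 5bfc 33c9 b182 8bf3 802b|";)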
# Fixed-byte signatures for SMB (139), POP2 (109), POP3 (110), FTP (21), DNS (53),
# IMAP (143) and mountd (635/udp). On the TCP rules flags:PA has no modifier, so the
# flags must be exactly PSH+ACK. Content between pipes is hex; text after the closing
# pipe (for example "/bin/sh") is literal ASCII and case-sensitive.
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"OVERFLOW-x86-linux-samba";flags:PA; content:"|eb2f 5feb 4a5e 89fb 893e 89f2|";)
# Destination port is "any": this signature is evaluated against every inbound TCP packet.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-IRC-client-Chocoa";flags:PA; content:"|eb 4b 5b 53 32 e4 83 c3 0b 4b 88 23 b8 50 77|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"OVERFLOW-POP2-x86linux";flags:PA; content:"|ffff ff2f 4249 4e2f 5348 00|";)
# NOTE(review): the hex digits are grouped unevenly ("800 1"). The digit count is even,
# so it reads as whole bytes if whitespace is ignored - confirm the parser accepts it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"OVERFLOW-POP2-x86linux2";flags:PA; content:"|eb2c 5b89 d980 c106 39d9 7c07 800 1|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"OVERFLOW-POP3-x86bsd";flags:PA; content:"|685d 5eff d5ff d4ff f58b f590 6631|";)
# NOTE(review): uneven grouping again ("5e0", "9fa"); 26 hex digits in total, i.e. 13
# bytes if whitespace is ignored - confirm the parser accepts it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"OVERFLOW-POP3-x86bsd2";flags:PA; content:"|5e0 e31c 0b03 b8d7 e0e8 9fa 89f9|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"OVERFLOW-POP3-x86linux";flags:PA; content:"|d840 cd80 e8d9 ffff ff|/bin/sh";)
# NOTE(review): same header and content as the earlier "OVERFLOW-FTP-generic1" rule; the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"OVERFLOW-FTP-1!";flags:PA; content:"|5057 440A 2F69|";)
# The bytes here are the tail of the OVERFLOW-POP3-x86linux content above, so any
# payload matching that rule also satisfies this one.
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"OVERFLOW-QPOP";flags:PA; content:"|E8 D9FF FFFF|/bin/sh";)
# NOTE(review): same header and bytes as the later "OVERFLOW-named" rule (hex case differs only).
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-x86linux-generic";flags:PA; content:"|cd80 e8d7 ffff ff|/bin/sh";)
# NOTE(review): the next two rules have the same header and the same bytes; only the
# case of the hex digits and the msg differ.
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-86-linux-imap1";flags:PA; content:"|e8 c0ff ffff|/bin/sh";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-IMAP";flags:PA; content:"|E8 C0FF FFFF|/bin/sh";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-x86-linux-imapd2";flags:PA; content:"|89d8 40cd 80e8 c8ff ffff|/";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-x86-linux-imapd3";flags:PA; content:"|eb58 5E31 db83 c308 83c3 0288 5e26|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-x86-linux-imapd4";flags:PA; content:"|eb34 5e8d 1E89 5e0b 31d2 8956 07|";)
# UDP rule: no flags option, since flags applies to TCP only.
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"OVERFLOW-x86-linux-mountd"; content:"|eb56 5E56 5656 31d2 8856 0b88 561e|";)
# Hex written with no separating spaces; 28 digits, i.e. 14 bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"OVERFLOW-x86-linux-imapd6";flags:PA; content:"|eb385e89f389d880460120804602|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"OVERFLOW-POP3-x86sco";flags:PA; content:"|560e 31c0 b03b 8d7e 1289 f989 f9|";)
# Generic no-op ("NOOP") padding signatures plus a few service-specific rules.
# Each NOOP rule matches 16 bytes made of one 4-byte (x86: 1-byte) pattern repeated,
# on ANY destination port, so it is evaluated against all inbound traffic of that
# protocol. NOTE(review): such short repeating patterns can also occur in ordinary
# binary transfers, so expect false positives and tune per network.
# Several rules reuse one msg for different byte patterns or protocols
# ("OVERFLOW-NOOP-Sparc", "OVERFLOW-NOOP-SGI", "OVERFLOW-NOOP-HP"), so the alert text
# alone does not identify which signature fired.
# TCP rules use flags:PA with no modifier (flags must be exactly PSH+ACK); UDP rules
# carry no flags option.
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS181 - OVERFLOW-NOOP-X86"; content:"|9090 9090 9090 9090 9090 9090 9090 9090|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-SGI"; content:"|240f 1234 240f 1234 240f 1234 240f 1234|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-SGI";flags:PA; content:"|240f 1234 240f 1234 240f 1234 240f 1234|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Solaris"; content:"|801c 4011 801c 4011 801c 4011 801c 4011|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Solaris";flags:PA; content:"|801c 4011 801c 4011 801c 4011 801c 4011|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Sparc"; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Sparc";flags:PA; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-DNS-x86linux-rotsb";flags:PA; content:"|31c0 b03f 31db b3ff 31c9 cd80 31c0|";)
# Same msg as the Sparc rules above, but the four bytes are in the reverse order.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Sparc";flags:PA; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-HP";flags:PA; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-X86";flags:PA; content:"|9090 9090 9090 9090 9090 9090 9090 9090|";)
# Three rules share the msg "OVERFLOW-Named-ADM-NXT - 8.2->8.2.1"; each matches a
# different plain-ASCII, case-sensitive string on 53/tcp. The "->" inside the quoted
# msg is message text, not a rule direction operator.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-Named-ADM-NXT - 8.2->8.2.1";flags:PA; content:"ADMROCKS";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-Named-ADM-NXT - 8.2->8.2.1";flags:PA; content:"thisissometempspaceforthesockinaddrinyeahyeahiknowthisislamebutanywaywhocareshorizongotitworkingsoalliscool";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-Named-ADM-NXT - 8.2->8.2.1";flags:PA; content:"../../../../../../../../../";)
# Client-side pair with identical content and opposite direction: the first matches
# traffic FROM external source port 80 into $HOME_NET, the second matches traffic
# from $HOME_NET TO external port 80. ("unsucessful" is the msg text as deployed;
# anything that keys on the alert name depends on that spelling.)
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"IDS215 - OVERFLOW - Client - netscape47-retrieved"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: AP;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"IDS214 - OVERFLOW - Client - netscape47-unsucessful"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: AP;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Sparc"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-AIX"; content:"|4fff fb82 4fff fb82 4fff fb82 4fff fb82|";)
# NOTE(review): same header and bytes as the earlier "OVERFLOW-DNS-x86linux-generic"
# rule (hex case differs only); the pair is redundant.
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"OVERFLOW-named";flags:PA; content:"|CD80 E8D7 FFFF FF|/bin/sh";)
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"OVERFLOW-x86-linux-mountd2"; content:"|5eb0 0289 06fe c889 4604 b006 8946|";)
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"OVERFLOW-x86-linux-mountd3"; content:"|eb40 5E31 c040 8946 0489 c340 8906|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 6373 (msg:"OVERFLOW-sco-calserver";flags:PA; content:"|eb7f 5d55 fe4d 98fe 4d9b|";)
# The hex below is printable ASCII written as bytes ("echo netrjs stre").
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"OVERFLOW-BOOTP-x86bsd"; content:"|6563 686f 206e 6574 726a 7320 7374 7265|";)
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"OVERFLOW-BOOTP--x86linux"; content:"|4139 30c0 a801 012f 6269 6e2f 7368 00|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-SGI";flags:PA; content:"|03e0 f825 03e0 f825 03e0 f825 03e0 f825|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-LinuxCommonUDP"; content:"|90 90 90 e8 c0 ff ff ff|/bin/sh";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-SGI"; content:"|03e0 f825 03e0 f825 03e0 f825 03e0 f825|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-AIX";flags:PA; content:"|4fff fb82 4fff fb82 4fff fb82 4fff fb82|";)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Digital";flags:PA; content:"|47 ff 04 1f 47 ff 04 1f 47 ff 04 1f 47 ff 04 1f|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-Digital"; content:"|47 ff 04 1f 47 ff 04 1f 47 ff 04 1f 47 ff 04 1f|";)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-HP"; content:"|0821 0280 0821 0280 0821 0280 0821 0280|";)
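# TCP counterpart of the UDP "OVERFLOW-NOOP-HP" rule with the 0821 0280 pattern.
# Fixed: the seventh group read "08210", leaving an odd number of hex digits that
# cannot be split into whole bytes and breaking the four-byte repetition. It now
# matches the UDP rule's content exactly.
# flags:PA has no modifier, so the TCP flags must be exactly PSH+ACK.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-HP";flags:PA; content:"|0821 0280 0821 0280 0821 0280 0821 0280|";)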
# All three rules use destination port "any", so they are evaluated against every
# inbound packet of their protocol.
# UDP rule for the second HP no-op pattern (0b39 0280 repeated four times).
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NOOP-HP"; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";)
# flags:PA on the TCP rules has no modifier, so the flags must be exactly PSH+ACK.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-NextFTP-client";flags:PA; content:"|b420 b421 8bcc 83e9 048b 1933 c966 b910|";)
# Hex bytes followed by the literal, case-sensitive ASCII text "/bin/sh".
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OVERFLOW-LinuxCommonTCP";flags:PA; content:"|90 90 90 e8 c0 ff ff ff|/bin/sh";)