nntp.rules

来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· RULES 代码 · 共 10 行

# (C) Copyright 2002, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: nntp.rules,v 1.1 2002/08/12 11:42:07 scara Exp $
#----------
# NNTP RULES
#----------

alert tcp $EXTERNAL_NET 119 -> $HOME_NET any (msg:"NNTP return code buffer overflow attempt"; flow:to_server,established,no_stream; content:"200 "; offset:0; dsize:>100; reference:bugtraq,4900; classtype:protocol-command-decode; sid:1792; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"NNTP AUTHINFO USER overflow attempt"; flow:to_server,established; dsize:>500; content:"AUTHINFO USER "; nocase; reference:cve,CAN-2000-0341; classtype:attempted-admin; sid:1538; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"NNTP Cassandra Overflow"; flow:to_server,established; content: "AUTHINFO USER"; nocase; dsize: >512; depth: 16; reference:cve,CAN-2000-0341; reference:arachnids,274; classtype:attempted-user; sid:291;  rev:5;)