info.rules

来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· RULES 代码 · 共 14 行

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: info.rules,v 1.1 2002/08/12 11:42:07 scara Exp $
#-----------
# INFO RULES
#-----------

alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"INFO Connection Closed MSG from Port 80"; content:"Connection closed by foreign host"; nocase; flow:from_server,established; classtype:unknown; sid:488;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"INFO FTP No Password"; content: "pass |0d|"; nocase; reference:arachnids,322; flow:from_client,established; classtype:unknown; sid:489;  rev:4;)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"INFO battle-mail traffic"; content:"BattleMail"; flow:to_server,established; classtype:unknown; sid:490;  rev:4;)
alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"FTP Bad login"; content:"530 Login "; nocase; flow:to_server,established; classtype:bad-unknown; sid:491;  rev:4;)
alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET Bad Login"; content: "Login failed";  nocase; flow:from_server,established; classtype:bad-unknown; sid:492;  rev:5;)
alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET Bad Login"; content: "Login incorrect"; nocase; flow:from_server,established; classtype:bad-unknown; sid:1251;  rev:4;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"INFO psyBNC access"; content:"Welcome!psyBNC@lam3rz.de"; flow:from_server,established; classtype:bad-unknown; sid:493;  rev:4;)