⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 chat.rules

📁 Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前
💻 RULES
字号:
🔍 
# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.# $Id: chat.rules,v 1.1 2002/08/12 11:42:07 scara Exp $#-------------# CHAT RULES#-------------# These signatures look for people using various types of chat programs (for# example: AIM, ICQ, and IRC) which may be against corporate policyalert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"CHAT MSN chat access"; flow:to_server,established; content:"text/plain"; depth:100; classtype:misc-activity; sid:540;  rev:6;)alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CHAT ICQ access"; flow:to_server,established; content: "User-Agent\:ICQ"; classtype:misc-activity; sid:541;  rev:6;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC nick change"; flow:to_server,established; content: "NICK "; offset:0; classtype:misc-activity; sid:542;  rev:8;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC DCC file transfer request"; flow:to_server,established; content:"PRIVMSG "; nocase; offset:0; content:" \:.DCC SEND"; nocase; classtype:misc-activity; sid:1639;  rev:3;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC DCC chat request"; flow:to_server,established; content:"PRIVMSG "; nocase; offset:0; content:" \:.DCC CHAT chat"; nocase; classtype:misc-activity; sid:1640;  rev:3;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC channel join"; flow:to_server,established; content:"JOIN \: \#"; nocase; offset:0; classtype:misc-activity; sid:1729;  rev:2;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC message"; flow:to_server,established; content:"PRIVMSG "; nocase; offset:0; classtype:misc-activity; sid:1463;  rev:3;)alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC dns request"; flow:to_server,established; content:"USERHOST "; nocase; offset:0; classtype:misc-activity; sid:1789; rev:1;)alert tcp $EXTERNAL_NET 6666:7000 -> $HOME_NET any (msg:"CHAT IRC dns response"; flow:to_client,established; content:"\:"; offset:0; content:" 302 "; content:"=+"; classtype:misc-activity; sid:1790; rev:2;)alert tcp $EXTERNAL_NET any -> $HOME_NET 6666:7000 (msg:"CHAT IRC EXPLOIT topic overflow"; flow:to_client,established; content:"|eb 4b 5b 53 32 e4 83 c3 0b 4b 88 23 b8 50 77|"; reference:cve,CVE-1999-0672; reference:bugtraq,573; classtype:attempted-user; sid:307; rev:5;)alert tcp any any -> any 6666:7000 (msg:"CHAT IRC EXPLOIT Ettercap parse overflow attempt"; flow:to_server,established; content:"PRIVMSG nickserv IDENTIFY"; nocase; offset:0; dsize:>200; reference:url,www.bugtraq.org/dev/GOBBLES-12.txt; classtype:misc-attack; sid:1382; rev:5;)alert tcp $HOME_NET any -> [64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] any (msg:"CHAT AIM login"; flow:to_server,established; content:"|2a 01|"; offset:0; depth:2; classtype:policy-violation; sid:1631; rev:3;)alert tcp $HOME_NET any -> [64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] any (msg:"CHAT AIM send message"; flow:to_server,established; content:"|2a 02|"; offset:0; depth:2; content:"|00 04 00 06|"; offset:6; depth:4; classtype:policy-violation; sid:1632; rev:3;)alert tcp [64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] any -> $HOME_NET any (msg:"CHAT AIM recieve message"; flow:to_client; content:"|2a 02|"; offset:0; depth:2; content:"|00 04 00 07|"; offset:6; depth:4; classtype:policy-violation; sid:1633; rev:2;)

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -