
web-iis.rules

Firestorm NIDS is a very high-performance network intrusion detection system (NIDS). Currently
Page 1 of 2
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; flow:to_server,established; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd? access";flow:to_server,established; content:".cmd?&"; nocase; classtype:web-application-attack; sid:1003;  rev:6;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS codebrowser Exair access";flow:to_server,established; uricontent:"/iissamples/exair/howitworks/codebrws.asp"; nocase; reference:cve,CVE-1999-0499; classtype:web-application-activity; sid:1004;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS codebrowser SDK access";flow:to_server,established; uricontent:"/iissamples/sdk/asp/docs/codebrws.asp"; nocase;reference:bugtraq,167; classtype:web-application-activity; sid:1005;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cross-site scripting attempt"; uricontent:"/Form_JScript.asp"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1007;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cross-site scripting attempt"; uricontent:"/Form_VBScript.asp"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1380;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS del attempt";flow:to_server,established; content:"&del+/s+c|3a|\\*.*"; nocase; classtype:web-application-attack; sid:1008;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS directory listing"; uricontent:"/ServerVariables_Jscript.asp"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1009;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS encoding access"; flow:to_server,established; content: "|25 31 75|";  reference:arachnids,200; classtype:web-application-activity; sid:1010;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS exec-src access";flow:to_server,established; content:"#filename=*.exe"; nocase; classtype:web-application-activity; sid:1011;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS fpcount attempt"; flow:to_server,established; uricontent:"/fpcount.exe"; content:"Digits="; nocase; reference:bugtraq,2252; classtype:web-application-attack; sid:1012;  rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS fpcount access";flow:to_server,established; uricontent:"/fpcount.exe"; nocase; reference:bugtraq,2252; classtype:web-application-activity; sid:1013;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS getdrvs.exe access";flow:to_server,established; uricontent:"/scripts/tools/getdrvs.exe"; nocase; classtype:web-application-activity; sid:1015;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS global-asa access";flow:to_server,established; content:"global.asa"; nocase; classtype:web-application-activity; sid:1016;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS idc-srch attempt";flow:to_server,established; content:"#filename=*.idc"; nocase; reference:cve,CVE-1999-0874; classtype:web-application-attack; sid:1017;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iisadmpwd attempt";flow:to_server,established; uricontent:"/iisadmpwd/aexp"; nocase; reference:bugtraq,2110; reference:cve,CVE-2000-0303; classtype:web-application-attack; sid:1018;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS index server file sourcecode attempt"; flow:to_server,established; content:"?CiWebHitsFile=/"; content:"&CiRestriction=none&CiHiliteType=Full"; classtype:web-application-attack; sid:1019;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS isc$data attempt";flow:to_server,established; content:".idc|3a3a|$data"; nocase; reference:bugtraq,307; reference:cve,CVE-1999-0874; classtype:web-application-attack; sid:1020;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ism.dll attempt"; flow:to_server,established; content:"%20%20%20%20%20.htr"; nocase; reference:cve,CAN-2000-0457; reference:bugtraq,1193; classtype:web-application-attack; sid:1021;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS jet vba access";flow:to_server,established; uricontent:"/advworks/equipment/catalog_type.asp"; nocase; reference:bugtraq,286; reference:cve,CVE-1999-0874; classtype:web-application-activity; sid:1022;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS msadc/msadcs.dll access";flow:to_server,established; uricontent:"/msadc/msadcs.dll"; nocase; reference:cve,CVE-1999-1011; reference:bugtraq,529; classtype:web-application-activity; sid:1023;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS newdsn.exe access";flow:to_server,established; uricontent:"/scripts/tools/newdsn.exe"; nocase;reference:bugtraq,1818;reference:cve,CVE-1999-0191; classtype:web-application-activity; sid:1024;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl access";flow:to_server,established; uricontent:"/scripts/perl"; nocase; classtype:web-application-activity; sid:1025;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl-browse0a attempt";flow:to_server,established; content:"%0a.pl"; nocase; classtype:web-application-attack; sid:1026;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS perl-browse20 attempt";flow:to_server,established; content:"%20.pl"; nocase; classtype:web-application-attack; sid:1027;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS query.asp access";flow:to_server,established; uricontent:"/issamples/query.asp"; nocase; reference:bugtraq,193; reference:cve,CVE-1999-0449; classtype:web-application-activity; sid:1028;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS scripts-browse access";flow:to_server,established; uricontent:"/scripts/|20|"; nocase; classtype:web-application-attack; sid:1029;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS search97.vts access";flow:to_server,established; uricontent:"/search97.vts";reference:bugtraq,162; classtype:web-application-activity; sid:1030;  rev:6;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /SiteServer/Publishing/viewcode.asp access"; uricontent:"/SiteServer/Publishing/viewcode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1031;  rev:6;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; uricontent:"/Sites/Knowledge/Membership/Inspired/ViewCode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1032;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; uricontent:"/Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1033;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; uricontent:"/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1034;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; uricontent:"/Sites/Samples/Knowledge/Push/ViewCode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1035;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode access"; uricontent:"/Sites/Samples/Knowledge/Search/ViewCode.asp"; flow:to_server,established; nocase; classtype:web-application-activity; sid:1036;  rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS showcode.asp access";flow:to_server,established; uricontent:"/selector/showcode.asp"; nocase; reference:cve,CAN-1999-0736; reference:bugtraq,167; classtype:web-application-activity; sid:1037;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS site server config access";flow:to_server,established; uricontent:"/adsamples/config/site.csc"; nocase;reference:bugtraq,256; classtype:web-application-activity; sid:1038;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS srch.htm access";flow:to_server,established; uricontent:"/samples/isapi/srch.htm"; nocase; classtype:web-application-activity; sid:1039;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS srchadm access";flow:to_server,established; uricontent:"/srchadm"; nocase; classtype:web-application-activity; sid:1040;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS uploadn.asp access";flow:to_server,established; uricontent:"/scripts/uploadn.asp"; nocase; classtype:web-application-activity; sid:1041;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS view source via translate header"; flow:to_server,established; content: "Translate|3a| F"; nocase; reference:arachnids,305; reference:bugtraq,1578; classtype:web-application-activity; sid:1042;  rev:6;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS viewcode.asp access"; uricontent:"/viewcode.asp"; nocase; flow:to_server,established; classtype:web-application-activity; sid:1043;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS webhits access"; uricontent: ".htw"; flow:to_server,established; dsize: >400;reference:arachnids,237; classtype:web-application-activity; sid:1044;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS doctodep.btr access"; uricontent: "doctodep.btr"; flow:to_server,established; classtype:web-application-activity; sid:1726;  rev:3;)
# alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-IIS Unauthorized IP Access Attempt"; flow:to_server,established; content:"403"; content:"Forbidden\:"; classtype:web-application-attack; sid:1045;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS site/iisamples access"; flow:to_server,established; uricontent:"/site/iisamples"; nocase; classtype:web-application-activity; sid:1046;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS CodeRed v2 root.exe access"; flow:to_server,established; uricontent:"scripts/root.exe?"; nocase; classtype:web-application-attack; reference:url,www.cert.org/advisories/CA-2001-19.html; sid:1256;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS outlook web dos"; flow:to_server,established; uricontent:"/exchange/LogonFrm.asp?"; nocase; content:"mailbox="; nocase; content:"|25 25 25|"; classtype:web-application-attack; reference:bugtraq,3223; sid:1283;  rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /scripts/samples/ access"; uricontent:"/scripts/samples/"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1400;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /msadc/samples/ access"; uricontent:"/msadc/samples/"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1401;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iissamples access"; uricontent:"/iissamples/"; nocase; flow:to_server,established; classtype:web-application-attack; sid:1402;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS multiple decode attempt"; flow:to_server,established; uricontent:"%5c"; uricontent:".."; reference:cve,CAN-2001-0333; classtype:web-application-attack; sid:970;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS iisadmin access";flow:to_server,established; uricontent:"/iisadmin"; nocase; classtype:web-application-attack; sid:993;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS msdac access"; flow:to_server,established; uricontent:"/msdac/"; nocase; classtype:web-application-activity; sid:1285;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS _mem_bin access"; flow:to_server,established; uricontent:"/_mem_bin/"; nocase; classtype:web-application-activity; sid:1286;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS scripts access"; flow:to_server,established; uricontent:"/scripts/"; nocase; classtype:web-application-activity; sid:1287;  rev:5;)
