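# web-client.rules -- stubs for shared-object (gid:3, "engine shared") rules.
# The detection logic for each rule lives in the compiled SO library keyed by
# "soid 3|<sid>"; this file only carries the header, msg, references and
# policy metadata that the engine attaches to the SO rule.  Each rule is kept
# on a single line so that diffs and "grep sid:" work per rule.
#
# Reading the metadata:
#   - "service http" lets the rule be applied by identified service; stubs
#     without it (sids 13834, 13963, 13961, 13893) match on $HTTP_PORTS only.
#   - "policy <name> drop|alert" is the default action in that Talos policy;
#     a rule with no policy entry is not enabled by default in those policies.
#
# Fix: sid 13981 referenced ".../bulletin/ms08-43.mspx"; the bulletin is
# MS08-043 (same advisory as the two Excel rules 13972/13973 beside it), so
# the URL is corrected to MS08-043.mspx.

# MS08-031 -- Internet Explorer
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Internet Explorer request header overwrite"; sid:13834; gid:3; rev:1; classtype:misc-activity; reference:cve,2008-1544; reference:url,www.microsoft.com/technet/security/bulletin/MS08-031.mspx; metadata: engine shared, soid 3|13834, policy security-ips drop;)

# MS08-032 -- sapi.dll / backweb ActiveX control instantiation (kill-bit bulletin)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT sapi.dll ActiveX clsid access"; sid:13828; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13828, service http;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT sapi.dll ActiveX clsid unicode access"; sid:13829; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13829, service http;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT sapi.dll alternate killbit ActiveX clsid access"; sid:13830; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13830, service http;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT sapi.dll alternate killbit ActiveX clsid unicode access"; sid:13831; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13831, service http;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT backweb ActiveX clsid access"; sid:13832; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13832, service http;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT backweb ActiveX clsid unicode access"; sid:13833; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0675; reference:url,www.microsoft.com/technet/security/bulletin/MS08-032.mspx; metadata: engine shared, soid 3|13833, service http;)

# MS08-049 -- Windows Event System ActiveX (alert-only in security-ips)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Windows Event System ActiveX clsid access"; sid:13975; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1457; reference:url,www.microsoft.com/technet/security/bulletin/MS08-049.mspx; metadata: engine shared, soid 3|13975, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Windows Event System ActiveX clsid unicode access"; sid:13976; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1457; reference:url,www.microsoft.com/technet/security/bulletin/MS08-049.mspx; metadata: engine shared, soid 3|13976, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Windows Event System ActiveX function call access"; sid:13977; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1457; reference:url,www.microsoft.com/technet/security/bulletin/MS08-049.mspx; metadata: engine shared, soid 3|13977, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Windows Event System ActiveX function call unicode access"; sid:13978; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1457; reference:url,www.microsoft.com/technet/security/bulletin/MS08-049.mspx; metadata: engine shared, soid 3|13978, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Windows Event System Subscription VBScript access"; sid:13979; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1457; reference:url,www.microsoft.com/technet/security/bulletin/MS08-049.mspx; metadata: engine shared, soid 3|13979, service http, policy security-ips alert;)

# MS08-048 -- Internet Explorer MHTML
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Internet Explorer MHTML zone control bypass attempt"; sid:13962; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1448; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-048.mspx; metadata: engine shared, soid 3|13962, service http, policy security-ips drop;)

# MS08-026 -- Word / RTF
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT RTF control word overflow attempt"; sid:13803; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1091; reference:url,www.microsoft.com/technet/security/bulletin/ms08-026.mspx; metadata: engine shared, soid 3|13803, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Word malformed css remote code execution attempt"; sid:13790; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1434; reference:url,www.microsoft.com/technet/security/bulletin/MS08-026.mspx; metadata: engine shared, soid 3|13790, service http, policy security-ips drop;)

# MS08-033 -- DirectX media parsing
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT malformed mjpeg arbitrary code execution attempt"; sid:13824; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0011; reference:url,www.microsoft.com/technet/security/bulletin/MS08-033.mspx; metadata: engine shared, soid 3|13824, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT DirectX SAMI file parsing buffer overflow attempt"; sid:13823; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1444; reference:url,www.microsoft.com/technet/security/bulletin/MS08-033.mspx; metadata: engine shared, soid 3|13823, service http, policy balanced-ips drop, policy security-ips drop;)

# MS08-029 -- Malware Protection Engine (two sids, one per CVE, same msg text)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft malware protection engine denial of service attempt"; sid:13798; gid:3; rev:1; classtype:attempted-dos; reference:cve,2008-1437; reference:url,www.microsoft.com/technet/security/bulletin/MS08-029.mspx; metadata: engine shared, soid 3|13798, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft malware protection engine denial of service attempt"; sid:13802; gid:3; rev:1; classtype:attempted-dos; reference:cve,2008-1438; reference:url,www.microsoft.com/technet/security/bulletin/MS08-029.mspx; metadata: engine shared, soid 3|13802, service http, policy security-ips drop;)

# MS08-046 -- Color Management System EMF
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Color Management System EMF file processing overflow attempt"; sid:13954; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2245; reference:url,www.microsoft.com/technet/security/bulletin/ms08-046.mspx; metadata: engine shared, soid 3|13954, service http, policy balanced-ips drop, policy security-ips drop;)

# MS08-045 -- Internet Explorer cumulative update
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Internet Explorer argument validation in print preview handling vulnerability"; sid:13963; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2259; reference:url,www.microsoft.com/technet/security/bulletin/ms08-045.mspx; metadata: engine shared, soid 3|13963, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Internet Explorer http status response memory corruption vulnerability"; sid:13980; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2256; reference:url,www.microsoft.com/technet/security/bulletin/MS08-045.mspx; metadata: engine shared, soid 3|13980, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Internet Explorer span frontier parsing memory corruption"; sid:13964; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2254; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-045.mspx; metadata: engine shared, soid 3|13964, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt"; sid:13960; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2255; reference:url,www.microsoft.com/technet/security/bulletin/MS08-045.mspx; metadata: engine shared, soid 3|13960, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Internet Explorer table layout access violation vulnerability"; sid:13961; gid:3; rev:1; classtype:misc-attack; reference:cve,2008-2258; reference:url,www.microsoft.com/technet/security/bulletin/ms08-045.mspx; metadata: engine shared, soid 3|13961, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Internet Explorer XHTML element memory corruption attempt"; sid:13974; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-2257; reference:url,www.microsoft.com/technet/security/bulletin/MS08-045.mspx; metadata: engine shared, soid 3|13974, service http;)

# MS08-043 -- Excel record parsing
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel country record arbitrary code execution attempt"; sid:13972; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-3006; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-043.mspx; metadata: engine shared, soid 3|13972, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel format record code execution attempt"; sid:13973; gid:3; rev:1; classtype:misc-attack; reference:cve,2008-3005; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-043.mspx; metadata: engine shared, soid 3|13973, service http, policy balanced-ips drop, policy security-ips drop;)
# sid 13981: reference URL corrected from ms08-43.mspx to MS08-043.mspx.
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel malformed chart arbitrary code execution attempt"; sid:13981; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-3004; reference:url,www.microsoft.com/technet/security/bulletin/MS08-043.mspx; metadata: engine shared, soid 3|13981, service http, policy balanced-ips drop, policy security-ips drop;)

# MS08-050 -- Message System ActiveX (alert-only in security-ips)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Message System ActiveX clsid access"; sid:13965; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0082; reference:url,www.microsoft.com/technet/security/bulletin/MS08-050.mspx; metadata: engine shared, soid 3|13965, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Message System ActiveX clsid unicode access"; sid:13966; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0082; reference:url,www.microsoft.com/technet/security/bulletin/MS08-050.mspx; metadata: engine shared, soid 3|13966, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Message System ActiveX function call access"; sid:13967; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0082; reference:url,www.microsoft.com/technet/security/bulletin/MS08-050.mspx; metadata: engine shared, soid 3|13967, service http, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Message System ActiveX function call unicode access"; sid:13968; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0082; reference:url,www.microsoft.com/technet/security/bulletin/MS08-050.mspx; metadata: engine shared, soid 3|13968, service http, policy security-ips alert;)

# MS08-038 -- Windows Explorer saved search; the only rule here enabled (drop) in connectivity-ips
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft malformed saved search heap corruption attempt"; sid:13893; gid:3; rev:1; classtype:attempted-admin; reference:cve,2008-1435; reference:url,www.microsoft.com/technet/security/bulletin/MS08-038.mspx; metadata: engine shared, soid 3|13893, policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop;)

# MS08-028 / advisory 950627 -- Access database downloads with obfuscated file signatures (no default policy)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Access obfuscated download attempt"; sid:13626; gid:3; rev:1; classtype:suspicious-filename-detect; reference:cve,2008-1092; reference:url,www.microsoft.com/technet/security/advisory/950627.mspx; reference:url,www.microsoft.com/technet/security/bulletin/MS08-028.mspx; metadata: engine shared, soid 3|13626;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Access JSDB obfuscated download attempt"; sid:13629; gid:3; rev:1; classtype:suspicious-filename-detect; reference:cve,2008-1092; reference:url,www.microsoft.com/technet/security/advisory/950627.mspx; reference:url,www.microsoft.com/technet/security/bulletin/MS08-028.mspx; metadata: engine shared, soid 3|13629;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Access TJDB obfuscated download attempt"; sid:13630; gid:3; rev:1; classtype:suspicious-filename-detect; reference:cve,2008-1092; reference:url,www.microsoft.com/technet/security/advisory/950627.mspx; reference:url,www.microsoft.com/technet/security/bulletin/MS08-028.mspx; metadata: engine shared, soid 3|13630;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Access MSISAM obfuscated download attempt"; sid:13633; gid:3; rev:1; classtype:suspicious-filename-detect; reference:cve,2008-1092; reference:url,www.microsoft.com/technet/security/advisory/950627.mspx; reference:url,www.microsoft.com/technet/security/bulletin/MS08-028.mspx; metadata: engine shared, soid 3|13633;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Access hciR obfuscated download attempt"; sid:13634; gid:3; rev:1; classtype:suspicious-filename-detect; reference:cve,2008-1092; reference:url,www.microsoft.com/technet/security/advisory/950627.mspx; reference:url,www.microsoft.com/technet/security/bulletin/MS08-028.mspx; metadata: engine shared, soid 3|13634;)

# QuickTime (rev:3). Unlike the rest of the file this header is unidirectional
# (server -> client) and the rule has no "service" or policy metadata.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt"; sid:10126; gid:3; rev:3; classtype:misc-attack; reference:cve,2005-0903; reference:bugtraq,12905; metadata: engine shared, soid 3|10126;)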