exploit.rules

From "This is the snapshot of Snot Latest Rule" · RULES code · 12 lines total

# Autogenerated skeleton rules file.  Do NOT edit by hand
alert tcp $EXTERNAL_NET any <> $HOME_NET 2513 (msg:"EXPLOIT Citrix MetaFrame IMA authentication processing buffer overflow attempt"; sid:13417; gid:3; rev:1; classtype:attempted-admin; reference:bugtraq,20986; reference:url,support.citrix.com/article/CTX111186; reference:cve,2006-5821; metadata: engine shared, soid 3|13417;)
alert tcp any any -> $HOME_NET 389 (msg:"EXPLOIT Novell eDirectory EventsRequest heap overflow attempt"; sid:13510; gid:3; rev:1; classtype:attempted-admin; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=427; reference:cve,2006-4509; reference:bugtraq,20663; metadata: engine shared, soid 3|13510;)
alert tcp any any -> $HOME_NET 389 (msg:"EXPLOIT Novell eDirectory EventsRequest invalid event count exploit attempt"; sid:13511; gid:3; rev:1; classtype:attempted-admin; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=428; reference:cve,2006-4510; reference:bugtraq,20663; metadata: engine shared, soid 3|13511;)
alert udp any any -> any 68 (msg:"EXPLOIT Microsoft DHCP option overflow attempt"; sid:7196; gid:3; rev:3; classtype:attempted-admin; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-036.mspx; metadata: engine shared, soid 3|7196;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 389 (msg:"EXPLOIT imail ldap buffer overflow exploit attempt"; sid:10480; gid:3; rev:2; classtype:attempted-admin; reference:url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=74; reference:cve,2004-0297; metadata: engine shared, soid 3|10480;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"EXPLOIT Microsoft Works invalid chunk size"; sid:13472; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0108; reference:url,www.microsoft.com/technet/security/bulletin/MS08-011.mspx; metadata: engine shared, soid 3|13472;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"EXPLOIT Microsoft Publisher invalid record overwrite"; sid:13470; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0102; reference:url,www.microsoft.com/technet/security/bulletin/MS08-012.mspx; metadata: engine shared, soid 3|13470;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"EXPLOIT Microsoft Publisher invalid pathname overwrite"; sid:13471; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0104; reference:url,www.microsoft.com/technet/security/bulletin/MS08-012.mspx; metadata: engine shared, soid 3|13471;)
alert udp $EXTERNAL_NET any -> $HOME_NET 1027:5000 (msg:"EXPLOIT Microsoft WINS arbitrary memory modification attempt"; sid:13826; gid:3; rev:2; classtype:attempted-admin; reference:cve,2008-1451; reference:url,www.microsoft.com/technet/security/bulletin/MS08-034.mspx; metadata: engine shared, soid 3|13826, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"EXPLOIT squid NTLM Authorization buffer overflow exploit attempt"; sid:10481; gid:3; rev:3; classtype:attempted-user; reference:url,www.idefense.com/application/poi/display?id=107; reference:cve,2004-0541; metadata: engine shared, soid 3|10481;)
