⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 rpc.rules

📁 This is the snapshot of Snot Latest Rules
💻 RULES
📖 第 1 页 / 共 5 页
字号:
🔍
12345 
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC yppasswd user update UDP"; flow:to_server; content:"|00 01 86 A9|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,2763; reference:cve,2001-0779; classtype:rpc-portmap-decode; sid:2031; rev:9;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC yppasswd user update TCP"; flow:to_server,established; content:"|00 01 86 A9|"; depth:4; offset:16; content:"|00 00 00 01|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,2763; reference:cve,2001-0779; classtype:rpc-portmap-decode; sid:2032; rev:7;)# alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap ypserv request UDP"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:policy security-ips drop; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:590; rev:16;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap ypserv request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:1276; rev:15;)alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC ypserv maplist request UDP"; flow:to_server; content:"|00 01 86 A4|"; depth:4; offset:12; content:"|00 00 00 0B|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2002-1232; reference:nessus,13976; classtype:rpc-portmap-decode; sid:2033; rev:11;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC ypserv maplist request TCP"; flow:to_server,established; content:"|00 01 86 A4|"; depth:4; offset:16; content:"|00 00 00 0B|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:2034; rev:9;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap network-status-monitor request UDP"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 03 0D|p"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; classtype:rpc-portmap-decode; sid:2035; rev:8;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap network-status-monitor request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 03 0D|p"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; classtype:rpc-portmap-decode; sid:2036; rev:7;)alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC network-status-monitor mon-callback request UDP"; flow:to_server; content:"|00 03 0D|p"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; classtype:rpc-portmap-decode; sid:2037; rev:7;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC network-status-monitor mon-callback request TCP"; flow:to_server,established; content:"|00 03 0D|p"; depth:4; offset:16; content:"|00 00 00 01|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; classtype:rpc-portmap-decode; sid:2038; rev:6;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap nlockmgr request UDP"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 B5|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,1372; reference:cve,2000-0508; reference:nessus,10220; classtype:rpc-portmap-decode; sid:2079; rev:9;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap nlockmgr request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 B5|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,1372; reference:cve,2000-0508; reference:nessus,10220; classtype:rpc-portmap-decode; sid:2080; rev:8;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap rpc.xfsmd request UDP"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 05 F7|h"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,5072; reference:bugtraq,5075; reference:cve,2002-0359; classtype:rpc-portmap-decode; sid:2081; rev:11;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap rpc.xfsmd request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 05 F7|h"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,5072; reference:bugtraq,5075; reference:cve,2002-0359; classtype:rpc-portmap-decode; sid:2082; rev:10;)alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC rpc.xfsmd xfs_export attempt UDP"; flow:to_server; content:"|00 05 F7|h"; depth:4; offset:12; content:"|00 00 00 0D|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,5072; reference:bugtraq,5075; reference:cve,2002-0359; classtype:rpc-portmap-decode; sid:2083; rev:10;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC rpc.xfsmd xfs_export attempt TCP"; flow:to_server,established; content:"|00 05 F7|h"; depth:4; offset:16; content:"|00 00 00 0D|"; within:4; distance:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,5072; reference:bugtraq,5075; reference:cve,2002-0359; classtype:rpc-portmap-decode; sid:2084; rev:9;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap kcms_server request UDP"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 87|}"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:policy balanced-ips drop, policy security-ips drop, service sunrpc; reference:bugtraq,6665; reference:cve,2003-0027; reference:url,www.kb.cert.org/vuls/id/850785; classtype:rpc-portmap-decode; sid:2005; rev:14;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap kcms_server request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 87|}"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service sunrpc; reference:bugtraq,6665; reference:cve,2003-0027; reference:url,www.kb.cert.org/vuls/id/850785; classtype:rpc-portmap-decode; sid:2006; rev:13;)alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC kcms_server directory traversal attempt"; flow:to_server,established; content:"|00 01 87|}"; depth:4; offset:16; byte_jump:4,20,relative,align; byte_jump:4,4,relative,align; content:"/../"; distance:0; content:"|00 00 00 00|"; depth:4; offset:8; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service sunrpc; reference:bugtraq,6665; reference:cve,2003-0027; reference:url,www.kb.cert.org/vuls/id/850785; classtype:misc-attack; sid:2007; rev:13;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind query with root credentials attempt TCP"; flow:to_server,established; content:"|00 01 87 88|"; depth:4; offset:16; content:"|00 00 00 01 00 00 00 01|"; within:8; distance:4; byte_jump:4,8,relative,align; content:"|00 00 00 00|"; within:4; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service sunrpc; classtype:misc-attack; sid:2255; rev:6;)alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind query with root credentials attempt UDP"; flow:to_server; content:"|00 01 87 88|"; depth:4; offset:12; content:"|00 00 00 01 00 00 00 01|"; within:8; distance:4; byte_jump:4,8,relative,align; content:"|00 00 00 00|"; within:4; metadata:policy balanced-ips drop, policy security-ips drop, service sunrpc; classtype:misc-attack; sid:2256; rev:7;)alert tcp $EXTERNAL_NET any -> $HOME_NET 2049 (msg:"RPC UNIX authentication machinename string overflow attempt TCP"; flow:to_server,established; content:"|00 01 86 A5|"; depth:4; offset:16; content:"|00 00 00 01|"; within:4; distance:8; byte_test:4,>,255,8,relative; isdataat:264,relative; metadata:service sunrpc; reference:bugtraq,20941; reference:cve,2006-5780; classtype:attempted-user; sid:9623; rev:2;)alert udp $EXTERNAL_NET any -> $HOME_NET 2049 (msg:"RPC UNIX authentication machinename string overflow attempt UDP"; flow:to_server; content:"|00 01 86 A5|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; distance:8; byte_test:4,>,255,8,relative; isdataat:264,relative; metadata:service sunrpc; reference:bugtraq,20941; reference:cve,2006-5780; classtype:attempted-user; sid:9624; rev:3;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap BrightStor ARCserve denial of service attempt"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 08|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 00 00 00|"; within:4; distance:4; metadata:service sunrpc; reference:bugtraq,22365; reference:cve,2007-0816; classtype:attempted-dos; sid:10132; rev:4;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap BrightStor ARCserve denial of service attempt"; flow:to_server,established; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 08|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 00 00 00|"; within:4; distance:4; metadata:service sunrpc; reference:bugtraq,22365; reference:cve,2007-0816; classtype:attempted-dos; sid:10133; rev:3;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap HP-UX Single Logical Screen SLSD udp request"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 05 5C E0|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,22551; reference:cve,2007-0915; classtype:rpc-portmap-decode; sid:10411; rev:4;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap HP-UX Single Logical Screen SLSD udp request"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:" |00 00 01|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,22551; reference:cve,2007-0915; classtype:rpc-portmap-decode; sid:10409; rev:4;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap HP-UX Single Logical Screen SLSD tcp request"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:" |00 00 01|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,22551; reference:cve,2007-0915; classtype:rpc-portmap-decode; sid:10408; rev:3;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap HP-UX Single Logical Screen SLSD tcp request"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 05 5C E0|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,22551; reference:cve,2007-0915; classtype:rpc-portmap-decode; sid:10410; rev:3;)alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC portmap CA BrightStor ARCserve udp procedure 191 attempt"; flow:to_server; content:"|00 06 09|~"; depth:4; offset:12; content:"|00 00 00 BF|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; metadata:service sunrpc; reference:bugtraq,23209; reference:cve,2007-1785; classtype:rpc-portmap-decode; sid:10485; rev:4;)alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap CA BrightStor ARCserve tcp request"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 06 09|~"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; metadata:service sunrpc; reference:bugtraq,23209; reference:cve,2007-1785; classtype:rpc-portmap-decode; sid:10482; rev:3;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt"; flow:established,to_server; content:"|00 06 09|~"; depth:4; offset:16; content:"|00 00 00 BF|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; metadata:service sunrpc; reference:bugtraq,23209; reference:cve,2007-1785; classtype:rpc-portmap-decode; sid:10484; rev:3;)alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap CA BrightStor ARCserve udp request"; flow:to_server; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 06 09|~"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; metadata:service sunrpc; reference:bugtraq,23209; reference:cve,2007-1785; classtype:rpc-portmap-decode; sid:10483; rev:4;)alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC portmap mountd tcp z
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -