1440.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1440

--
Summary:
This event is generated when network traffic indicating the use of a
multimedia application is detected.

--
Impact:
This may be a violation of corporate policy since these applications can
be used to bypass security measures designed to restrict the flow of
corporate information to destinations external to the corporation.

--
Detailed Information:
Multimedia client applications can be used to view movies and listen to
music files. Some also include file sharing facilities. Use of these
programs may constitute a violation of company policy.

Clients may also contain vulnerabilities that can give an attacker an
attack vector for delivering Trojan horse programs and viruses.

--
Affected Systems:
	All systems running multimedia applications

--
Attack Scenarios:
A user can download files from a source external to the protected
network that may contain malicious code hidden in the file giving an
attacker the opportunity to gain access to a host inside the protected
network.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--