⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 web-misc.rules

📁 snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具
💻 RULES
📖 第 1 页 / 共 5 页
字号:
🔍
12345 
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC nessus 1.X 404 probe"; flow:to_server,established; uricontent:"/nessus_is_probing_you_"; depth:32; reference:arachnids,301; classtype:web-application-attack; sid:1102; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC nessus 2.x 404 probe"; flow:to_server,established; uricontent:"/NessusTest"; nocase; reference:nessus,10386; classtype:attempted-recon; sid:2585; rev:1;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Netscape admin passwd"; flow:to_server,established; uricontent:"/admin-serv/config/admpw"; nocase; reference:bugtraq,1579; reference:nessus,10468; classtype:web-application-attack; sid:1103; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC BigBrother access"; flow:to_server,established; uricontent:"/bb-hostsvc.sh?HOSTSVC"; nocase; reference:bugtraq,1455; reference:cve,2000-0638; reference:nessus,10460; classtype:attempted-recon; sid:1105; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ftp.pl attempt"; flow:to_server,established; uricontent:"/ftp.pl?dir=../.."; nocase; reference:bugtraq,1471; reference:cve,2000-0674; reference:nessus,10467; classtype:web-application-attack; sid:1612; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ftp.pl access"; flow:to_server,established; uricontent:"/ftp.pl"; nocase; reference:bugtraq,1471; reference:cve,2000-0674; reference:nessus,10467; classtype:web-application-activity; sid:1107; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Tomcat server snoop access"; flow:to_server,established; uricontent:"/jsp/snp/"; uricontent:".snp"; reference:bugtraq,1532; reference:cve,2000-0760; classtype:attempted-recon; sid:1108; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ROXEN directory list attempt"; flow:to_server,established; uricontent:"/%00"; reference:bugtraq,1510; reference:cve,2000-0671; classtype:attempted-recon; sid:1109; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC apache source.asp file access"; flow:to_server,established; uricontent:"/site/eg/source.asp"; nocase; reference:bugtraq,1457; reference:cve,2000-0628; reference:nessus,10480; classtype:attempted-recon; sid:1110; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Tomcat server exploit access"; flow:to_server,established; uricontent:"/contextAdmin/contextAdmin.html"; nocase; reference:bugtraq,1548; reference:cve,2000-0672; reference:nessus,10477; classtype:attempted-recon; sid:1111; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC http directory traversal"; flow:to_server,established; content:"..|5C|"; reference:arachnids,298; classtype:attempted-recon; sid:1112; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ICQ webserver DOS"; flow:to_server,established; uricontent:".html/......"; nocase; reference:cve,1999-0474; reference:url,www.securiteam.com/exploits/2ZUQ1QAQOG.html; classtype:attempted-dos; sid:1115; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Lotus DelDoc attempt"; flow:to_server,established; uricontent:"?DeleteDocument"; nocase; classtype:attempted-recon; sid:1116; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Lotus EditDoc attempt"; flow:to_server,established; uricontent:"?EditDocument"; nocase; reference:url,www.securiteam.com/exploits/5NP080A1RE.html; classtype:attempted-recon; sid:1117; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ls%20-l"; flow:to_server,established; content:"ls%20-l"; nocase; classtype:attempted-recon; sid:1118; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC mlog.phtml access"; flow:to_server,established; uricontent:"/mlog.phtml"; nocase; reference:bugtraq,713; reference:cve,1999-0068; reference:cve,1999-0346; classtype:attempted-recon; sid:1119; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC mylog.phtml access"; flow:to_server,established; uricontent:"/mylog.phtml"; nocase; reference:bugtraq,713; reference:cve,1999-0068; reference:cve,1999-0346; classtype:attempted-recon; sid:1120; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /etc/passwd"; flow:to_server,established; content:"/etc/passwd"; nocase; classtype:attempted-recon; sid:1122; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ?PageServices access"; flow:to_server,established; uricontent:"?PageServices"; nocase; reference:bugtraq,1063; reference:bugtraq,7621; reference:cve,1999-0269; classtype:attempted-recon; sid:1123; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Ecommerce check.txt access"; flow:to_server,established; uricontent:"/config/check.txt"; nocase; classtype:attempted-recon; sid:1124; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC webcart access"; flow:to_server,established; uricontent:"/webcart/"; nocase; reference:cve,1999-0610; reference:nessus,10298; classtype:attempted-recon; sid:1125; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC AuthChangeUrl access"; flow:to_server,established; uricontent:"_AuthChangeUrl?"; nocase; reference:bugtraq,2110; reference:cve,1999-0407; classtype:attempted-recon; sid:1126; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC convert.bas access"; flow:to_server,established; uricontent:"/scripts/convert.bas"; nocase; reference:bugtraq,2025; reference:cve,1999-0175; classtype:attempted-recon; sid:1127; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC cpshost.dll access"; flow:to_server,established; uricontent:"/scripts/cpshost.dll"; nocase; reference:bugtraq,1811; reference:bugtraq,4002; reference:cve,1999-0360; classtype:attempted-recon; sid:1128; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC .htaccess access"; flow:to_server,established; uricontent:".htaccess"; nocase; classtype:attempted-recon; sid:1129; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC .wwwacl access"; flow:to_server,established; uricontent:".wwwacl"; nocase; classtype:attempted-recon; sid:1130; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC .wwwacl access"; flow:to_server,established; uricontent:".www_acl"; nocase; classtype:attempted-recon; sid:1131; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC cd.."; flow:to_server,established; content:"cd.."; nocase; classtype:attempted-recon; sid:1136; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC guestbook.pl access"; flow:to_server,established; uricontent:"/guestbook.pl"; nocase; reference:arachnids,228; reference:bugtraq,776; reference:cve,1999-0237; reference:cve,1999-1053; reference:nessus,10099; classtype:attempted-recon; sid:1140; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC handler attempt"; flow:to_server,established; uricontent:"/handler"; uricontent:"|7C|"; nocase; reference:arachnids,235; reference:bugtraq,380; reference:cve,1999-0148; reference:nessus,10100; classtype:web-application-attack; sid:1613; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC handler access"; flow:to_server,established; uricontent:"/handler"; nocase; reference:arachnids,235; reference:bugtraq,380; reference:cve,1999-0148; reference:nessus,10100; classtype:web-application-activity; sid:1141; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /.... access"; flow:to_server,established; content:"/...."; classtype:attempted-recon; sid:1142; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC ///cgi-bin access"; flow:to_server,established; uricontent:"///cgi-bin"; nocase; rawbytes; reference:nessus,11032; classtype:attempted-recon; sid:1143; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /cgi-bin/// access"; flow:to_server,established; uricontent:"/cgi-bin///"; nocase; rawbytes; reference:nessus,11032; classtype:attempted-recon; sid:1144; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /~root access"; flow:to_server,established; uricontent:"/~root"; nocase; classtype:attempted-recon; sid:1145; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /~ftp access"; flow:to_server,established; uricontent:"/~ftp"; nocase; classtype:attempted-recon; sid:1662; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Ecommerce import.txt access"; flow:to_server,established; uricontent:"/config/import.txt"; nocase; classtype:attempted-recon; sid:1146; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC cat%20 access"; flow:to_server,established; content:"cat%20"; nocase; reference:bugtraq,374; reference:cve,1999-0039; classtype:attempted-recon; sid:1147; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Ecommerce import.txt access"; flow:to_server,established; uricontent:"/orders/import.txt"; nocase; classtype:attempted-recon; sid:1148; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino catalog.nsf access"; flow:to_server,established; uricontent:"/catalog.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1150; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino domcfg.nsf access"; flow:to_server,established; uricontent:"/domcfg.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1151; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino domlog.nsf access"; flow:to_server,established; uricontent:"/domlog.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1152; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino log.nsf access"; flow:to_server,established; uricontent:"/log.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1153; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino names.nsf access"; flow:to_server,established; uricontent:"/names.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1154; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino mab.nsf access"; flow:to_server,established; uricontent:"/mab.nsf"; nocase; reference:bugtraq,4022; reference:nessus,10953; classtype:attempted-recon; sid:1575; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino cersvr.nsf access"; flow:to_server,established; uricontent:"/cersvr.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1576; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino setup.nsf access"; flow:to_server,established; uricontent:"/setup.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1577; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino statrep.nsf access"; flow:to_server,established; uricontent:"/statrep.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1578; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino webadmin.nsf access"; flow:to_server,established; uricontent:"/webadmin.nsf"; nocase; reference:bugtraq,9900; reference:bugtraq,9901; reference:nessus,10629; classtype:attempted-recon; sid:1579; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino events4.nsf access"; flow:to_server,established; uricontent:"/events4.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1580; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino ntsync4.nsf access"; flow:to_server,established; uricontent:"/ntsync4.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1581; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino collect4.nsf access"; flow:to_server,established; uricontent:"/collect4.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1582; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino mailw46.nsf access"; flow:to_server,established; uricontent:"/mailw46.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1583; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino bookmark.nsf access"; flow:to_server,established; uricontent:"/bookmark.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1584; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino agentrunner.nsf access"; flow:to_server,established; uricontent:"/agentrunner.nsf"; nocase; reference:nessus,10629; classtype:attempted-recon; sid:1585; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Domino mail.box access"; flow:to_server,established; uricontent:"/mail.box"; nocase; reference:bugtraq,881; reference:nessus,10629; classtype:attempted-recon; sid:1586; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Ecommerce checks.txt access"; flow:to_server,established; uricontent:"/orders/checks.txt"; nocase; reference:bugtraq,2281; classtype:attempted-recon; sid:1155; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC apache directory disclosure attempt"; flow:to_server,established; content:"////////"; reference:bugtraq,2503; classtype:attempted-dos; sid:1156; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Netscape PublishingXpert access"; flow:to_server,established; uricontent:"/PSUser/PSCOErrPage.htm"; nocase; reference:cve,2000-1196; reference:nessus,10364; classtype:web-application-activity; sid:1157; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC windmail.exe access"; flow:to_server,established; uricontent:"/windmail.exe"; nocase; reference:arachnids,465; reference:bugtraq,1073; reference:cve,2000-0242; reference:nessus,10365; classtype:attempted-recon; sid:1158; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC webplus access"; flow:to_server,established; uricontent:"/webplus?script"; nocase; reference:bugtraq,1174; reference:bugtraq,1720; reference:bugtraq,1722; reference:bugtraq,1725; reference:cve,2000-1005; classtype:attempted-recon; sid:1159; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Netscape dir index wp"; flow:to_server,established; uricontent:"?wp-"; nocase; reference:arachnids,270; reference:bugtraq,1063; reference:cve,2000-0236; classtype:attempted-recon; sid:1160; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC cart 32 AdminPwd access"; flow:to_server,established; uricontent:"/c32web.exe/ChangeAdminPassword"; nocase; reference:bugtraq,1153; reference:cve,2000-0429; classtype:attempted-recon; sid:1162; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC shopping cart access"; flow:to_server,established; uricontent:"/quikstore.cfg"; nocase; reference:bugtraq,1983; reference:bugtraq,2049; reference:cve,1999-0607; reference:cve,2000-1188; classtype:attempted-recon; sid:1164; rev:10;)
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -