⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 finger.rules

📁 snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具
💻 RULES
字号:
🔍 
# Copyright 2001-2005 Sourcefire, Inc. All Rights Reserved## This file may contain proprietary rules that were created, tested and# certified by Sourcefire, Inc. (the "VRT Certified Rules") as well as# rules that were created by Sourcefire and other third parties and# distributed under the GNU General Public License (the "GPL Rules").  The# VRT Certified Rules contained in this file are the property of# Sourcefire, Inc. Copyright 2005 Sourcefire, Inc. All Rights Reserved.# The GPL Rules created by Sourcefire, Inc. are the property of# Sourcefire, Inc. Copyright 2002-2005 Sourcefire, Inc. All Rights# Reserved.  All other GPL Rules are owned and copyrighted by their# respective owners (please see www.snort.org/contributors for a list of# owners and their respective copyrights).  In order to determine what# rules are VRT Certified Rules or GPL Rules, please refer to the VRT# Certified Rules License Agreement.### $Id: finger.rules,v 1.26.2.2.2.2 2005/05/31 17:13:02 mwatchinski Exp $#-------------# FINGER RULES#-------------#alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER cmd_rootsh backdoor attempt"; flow:to_server,established; content:"cmd_rootsh"; reference:nessus,10070; reference:url,www.sans.org/y2k/TFN_toolkit.htm; reference:url,www.sans.org/y2k/fingerd.htm; classtype:attempted-admin; sid:320; rev:10;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER account enumeration attempt"; flow:to_server,established; content:"a b c d e f"; nocase; reference:nessus,10788; classtype:attempted-recon; sid:321; rev:5;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER search query"; flow:to_server,established; content:"search"; reference:arachnids,375; reference:cve,1999-0259; classtype:attempted-recon; sid:322; rev:10;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER root query"; flow:to_server,established; content:"root"; reference:arachnids,376; classtype:attempted-recon; sid:323; rev:5;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER null request"; flow:to_server,established; content:"|00|"; reference:arachnids,377; classtype:attempted-recon; sid:324; rev:5;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER remote command execution attempt"; flow:to_server,established; content:"|3B|"; reference:arachnids,379; reference:bugtraq,974; reference:cve,1999-0150; classtype:attempted-user; sid:326; rev:9;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER remote command pipe execution attempt"; flow:to_server,established; content:"|7C|"; reference:arachnids,380; reference:bugtraq,2220; reference:cve,1999-0152; classtype:attempted-user; sid:327; rev:8;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER bomb attempt"; flow:to_server,established; content:"@@"; reference:arachnids,381; reference:cve,1999-0106; classtype:attempted-dos; sid:328; rev:8;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER redirection attempt"; flow:to_server,established; content:"@"; reference:arachnids,251; reference:cve,1999-0105; reference:nessus,10073; classtype:attempted-recon; sid:330; rev:9;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER cybercop query"; flow:to_server,established; content:"|0A|     "; depth:10; reference:arachnids,132; reference:cve,1999-0612; classtype:attempted-recon; sid:331; rev:10;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER 0 query"; flow:to_server,established; content:"0"; reference:arachnids,131; reference:arachnids,378; reference:cve,1999-0197; reference:nessus,10069; classtype:attempted-recon; sid:332; rev:8;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER . query"; flow:to_server,established; content:"."; reference:arachnids,130; reference:cve,1999-0198; reference:nessus,10072; classtype:attempted-recon; sid:333; rev:8;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER version query"; flow:to_server,established; content:"version"; classtype:attempted-recon; sid:1541; rev:4;)alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER / execution attempt"; flow:to_server,established; content:"/"; pcre:"/^\x2f/smi"; reference:cve,1999-0612; reference:cve,2000-0915; classtype:attempted-recon; sid:3151; rev:3;)

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -