[Snort-sigs] snort-rules update @ Wed Jan 12 11:15:52 2005

Date: Wed, 12 Jan 2005 11:15:53 -0500 (EST)
New rules:
3058 - IMAP copy literal overflow attempt (imap.rules, requires 2.1 or later)
3059 - WEB-MISC TLS1 Client_Hello via SSLv2 handshake request (web-misc.rules, requires 2.2 or later)
3060 - WEB-MISC TLS1 Client_Hello with pad via SSLv2 handshake request (web-misc.rules, requires 2.2 or later)
3061 - MISC distccd command execution attempt (misc.rules)
3062 - WEB-CGI NetScreen SA 5000 delhomepage.cgi access (web-cgi.rules)
3063 - BACKDOOR Vampire 1.2 connection request (backdoor.rules, requires 2.2 or later)
3064 - BACKDOOR Vampire 1.2 connection confirmation (backdoor.rules, requires 2.2 or later)
3065 - IMAP append literal overflow attempt (imap.rules, requires 2.1 or later)
3066 - IMAP append overflow attempt (imap.rules, requires 2.1 or later)
3067 - IMAP examine literal overflow attempt (imap.rules, requires 2.1 or later)
3068 - IMAP examine overflow attempt (imap.rules, requires 2.1 or later)
3069 - IMAP fetch literal overflow attempt (imap.rules, requires 2.1 or later)
3070 - IMAP fetch overflow attempt (imap.rules, requires 2.1 or later)
3071 - IMAP status literal overflow attempt (imap.rules, requires 2.1 or later)
3072 - IMAP status overflow attempt (imap.rules, requires 2.1 or later)
3073 - IMAP subscribe literal overflow attempt (imap.rules, requires 2.1 or later)
3074 - IMAP subscribe overflow attempt (imap.rules, requires 2.1 or later)
3075 - IMAP unsubscribe literal overflow attempt (imap.rules, requires 2.1 or later)
3076 - IMAP unsubscribe overflow attempt (imap.rules, requires 2.1 or later)
3077 - FTP RNFR overflow attempt (ftp.rules, requires 2.1 or later)
3078 - NNTP SEARCH pattern overflow attempt (nntp.rules, requires 2.1 or later)

Updated rules:
 112 - BACKDOOR BackOrifice access (deleted.rules)
 114 - BACKDOOR netbus active (deleted.rules)
 269 - DOS Land attack (deleted.rules)
 291 - NNTP Cassandra Overflow (deleted.rules)
 299 - IMAP EXPLOIT x86 linux overflow (deleted.rules)
 329 - FINGER cybercop redirection (deleted.rules)
 352 - FTP EXPLOIT x86 linux overflow (deleted.rules)
 513 - MISC Cisco Catalyst Remote Access (deleted.rules)
 542 - CHAT IRC nick change (chat.rules)
 559 - P2P Inbound GNUTella client request (deleted.rules)
 570 - RPC EXPLOIT ttdbserv solaris overflow (deleted.rules)
 571 - RPC EXPLOIT ttdbserv Solaris overflow (deleted.rules)
 615 - SCAN SOCKS Proxy attempt (deleted.rules)
 618 - SCAN Squid Proxy attempt (deleted.rules)
 620 - SCAN Proxy Port 8080 attempt (deleted.rules)
 628 - SCAN nmap TCP (deleted.rules)
 629 - SCAN nmap fingerprint attempt (deleted.rules)
 736 - Virus - Successful eurocalculator execution (deleted.rules)
 738 - Virus - Possible Pikachu Pokemon Virus (deleted.rules)
 970 - WEB-IIS multiple decode attempt (deleted.rules)
 981 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 982 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 983 - WEB-IIS unicode directory traversal attempt (deleted.rules)
1182 - WEB-MISC cgitest.exe attempt (deleted.rules)
1246 - WEB-FRONTPAGE rad overflow attempt (deleted.rules)
1247 - WEB-FRONTPAGE rad overflow attempt (deleted.rules)
1251 - INFO TELNET Bad Login (deleted.rules)
1328 - WEB-ATTACKS /bin/ps command attempt (deleted.rules)
1329 - WEB-ATTACKS ps command attempt (deleted.rules)
1330 - WEB-ATTACKS wget command attempt (deleted.rules)
1331 - WEB-ATTACKS uname -a command attempt (deleted.rules)
1332 - WEB-ATTACKS /usr/bin/id command attempt (deleted.rules)
1333 - WEB-ATTACKS id command attempt (deleted.rules)
1334 - WEB-ATTACKS echo command attempt (deleted.rules)
1335 - WEB-ATTACKS kill command attempt (deleted.rules)
1336 - WEB-ATTACKS chmod command attempt (deleted.rules)
1337 - WEB-ATTACKS chgrp command attempt (deleted.rules)
1338 - WEB-ATTACKS chown command attempt (deleted.rules)
1339 - WEB-ATTACKS chsh command attempt (deleted.rules)
1340 - WEB-ATTACKS tftp command attempt (deleted.rules)
1341 - WEB-ATTACKS /usr/bin/gcc command attempt (deleted.rules)
1342 - WEB-ATTACKS gcc command attempt (deleted.rules)
1343 - WEB-ATTACKS /usr/bin/cc command attempt (deleted.rules)
1344 - WEB-ATTACKS cc command attempt (deleted.rules)
1345 - WEB-ATTACKS /usr/bin/cpp command attempt (deleted.rules)
1346 - WEB-ATTACKS cpp command attempt (deleted.rules)
1347 - WEB-ATTACKS /usr/bin/g++ command attempt (deleted.rules)
1348 - WEB-ATTACKS g++ command attempt (deleted.rules)
1349 - WEB-ATTACKS bin/python access attempt (deleted.rules)
1350 - WEB-ATTACKS python access attempt (deleted.rules)
1351 - WEB-ATTACKS bin/tclsh execution attempt (deleted.rules)
1352 - WEB-ATTACKS tclsh execution attempt (deleted.rules)
1353 - WEB-ATTACKS bin/nasm command attempt (deleted.rules)
1354 - WEB-ATTACKS nasm command attempt (deleted.rules)
1355 - WEB-ATTACKS /usr/bin/perl execution attempt (deleted.rules)
1356 - WEB-ATTACKS perl execution attempt (deleted.rules)
1357 - WEB-ATTACKS nt admin addition attempt (deleted.rules)
1358 - WEB-ATTACKS traceroute command attempt (deleted.rules)
1359 - WEB-ATTACKS ping command attempt (deleted.rules)
1360 - WEB-ATTACKS netcat command attempt (deleted.rules)
1361 - WEB-ATTACKS nmap command attempt (deleted.rules)
1362 - WEB-ATTACKS xterm command attempt (deleted.rules)
1363 - WEB-ATTACKS X application to remote host attempt (deleted.rules)
1364 - WEB-ATTACKS lsof command attempt (deleted.rules)
1365 - WEB-ATTACKS rm command attempt (deleted.rules)
1366 - WEB-ATTACKS mail command attempt (deleted.rules)
1367 - WEB-ATTACKS mail command attempt (deleted.rules)
1368 - WEB-ATTACKS /bin/ls| command attempt (deleted.rules)
1369 - WEB-ATTACKS /bin/ls command attempt (deleted.rules)
1370 - WEB-ATTACKS /etc/inetd.conf access (deleted.rules)
1371 - WEB-ATTACKS /etc/motd access (deleted.rules)
1372 - WEB-ATTACKS /etc/shadow access (deleted.rules)
1373 - WEB-ATTACKS conf/httpd.conf attempt (deleted.rules)
1530 - FTP format string attempt (deleted.rules)
1553 - WEB-CGI /cart/cart.cgi access (deleted.rules)
1631 - CHAT AIM login (chat.rules)
1758 - WEB-MISC b2 access (deleted.rules)
1762 - WEB-CGI phf arbitrary command execution attempt (web-cgi.rules)
1780 - IMAP EXPLOIT partial body overflow attempt (deleted.rules)
1800 - VIRUS Klez Incoming (deleted.rules)
1945 - WEB-IIS unicode directory traversal attempt (deleted.rules)
2102 - NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt (deleted.rules)
2384 - NETBIOS SMB NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2385 - NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2498 - IMAP SSLv3 invalid timestamp attempt (deleted.rules)
2499 - MISC LDAP SSLv3 invalid timestamp attempt (deleted.rules)
2503 - SMTP SSLv3 invalid timestamp attempt (deleted.rules)
2506 - WEB-MISC SSLv3 invalid timestamp attempt (deleted.rules)
2570 - WEB-MISC Invalid HTTP Version String (web-misc.rules, requires 2.1 or later)
2600 - ORACLE add_grouped_column ordered sname/oname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2604 - ORACLE create_mview_repgroup ordered fname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2607 - ORACLE comment_on_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2610 - ORACLE cancel_statistics ordered sname/oname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2613 - ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt (deleted.rules, requires 2.1 or later)
2616 - ORACLE grant_surrogate_repcat ordered userid buffer overflow attempt (deleted.rules, requires 2.1 or later)
2618 - ORACLE alter_mview_propagation ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2620 - ORACLE alter_master_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2625 - ORACLE unregister_user_repgroup ordered privilege_type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2628 - ORACLE repcat_import_check ordered gowner/gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2630 - ORACLE register_user_repgroup ordered privilege_type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2632 - ORACLE refresh_mview_repgroup ordered gowner buffer overflow attempt (deleted.rules, requires 2.1 or later)
2634 - ORACLE rectifier_diff ordered sname1 buffer overflow attempt (deleted.rules, requires 2.1 or later)
2636 - ORACLE snapshot.end_load ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2638 - ORACLE drop_master_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2640 - ORACLE drop_mview_repgroup ordered gowner/gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2642 - ORACLE drop_site_instantiation ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2646 - ORACLE instantiate_offline ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2648 - ORACLE instantiate_online ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2653 - ORACLE og.begin_load ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2671 - WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules, requires 2.1 or later)
2673 - WEB-CLIENT libpng tRNS overflow attempt (web-client.rules, requires 2.1 or later)
2923 - NETBIOS SMB repeated logon failure (netbios.rules, requires 2.1 or later)
2924 - NETBIOS SMB-DS repeated logon failure (netbios.rules, requires 2.1 or later)
2927 - NNTP XPAT pattern overflow attempt (nntp.rules, requires 2.1 or later)
3013 - BACKDOOR Asylum 0.1 connection request (backdoor.rules, requires 2.2 or later)
3014 - BACKDOOR Asylum 0.1 connection established (backdoor.rules, requires 2.2 or later)

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

  • [Snort-sigs] snort-rules update @ Wed Jan 12 11:15:52 2005, bmc <=