This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000157-100000164.
They cover vulnerabilities including SQL injection against the ATutor
Learning Content Management System and an ICMP-based denial of service
attack against Linux systems with SCTP enabled. Additionally, SIDs
100000158-100000163 are designed to detect generic denial of service
attacks against SIP-enabled hosts.
Sourcefire would like to thank Jiri Markl for submitting the SIP rules,
David Maciejak for submitting the ATutor rule, and rmkml for submitting
the ICMP DoS rule. As a reminder, anyone who wishes to submit rules may
do so at http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of new rules and their SIDs follows.
Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.
100000157 || COMMUNITY WEB-CGI ATutor password_reminder.php SQL
injection attempt
100000158 || COMMUNITY SIP INVITE message flooding
100000159 || COMMUNITY SIP REGISTER message flooding
100000160 || COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
100000161 || COMMUNITY SIP DNS No such name treshold - Abnormaly high
count of No such name responses
100000162 || COMMUNITY SIP 401 Unauthorized Flood
100000163 || COMMUNITY SIP 407 Proxy Authentication Required Flood
100000164 || COMMUNITY ICMP Linux DoS sctp Exploit
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
