Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Help

from [Chad Gross] Network Security [Permanent Link]
Subject: [Snort-sigs] Help
Date: Sun, 22 Oct 2006 21:39:33 -0500 


-----Original Message-----
From: snort-sigs-bounces@lists.sourceforge.net
[mailto:snort-sigs-bounces@lists.sourceforge.net] On Behalf Of
snort-sigs-request@lists.sourceforge.net
Sent: Thursday, October 19, 2006 7:49 AM
To: snort-sigs@lists.sourceforge.net
Subject: Snort-sigs Digest, Vol 5, Issue 8

Send Snort-sigs mailing list submissions to
        snort-sigs@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
        snort-sigs-request@lists.sourceforge.net

You can reach the person managing the list at
        snort-sigs-owner@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."


Today's Topics:

   1. Sourcefire VRT Certified Rules Update (Sourcefire VRT)
   2. False Positive (Adam Clinch)
   3. False postive SID 7100 (East, Bill)
   4. Bleeding Edge Threats Daily Update (bleeding@bleedingthreats.net)
   5. Bleeding Edge Threats Daily Update (bleeding@bleedingthreats.net)
   6. Error in oracle rule... (Jay 'Whip' Grizzard)


----------------------------------------------------------------------

Message: 1
Date: Wed, 18 Oct 2006 18:05:19 -0400
From: Sourcefire VRT <research@sourcefire.com>
Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
To: Snort Sigs <snort-sigs@lists.sourceforge.net>
Message-ID: <4536A51F.9020008@sourcefire.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has added multiple rules in the spyware-put and
backdoor categories to provide coverage for emerging spyware and trojan
horse threats. The VRT has also updated numerous rules in the FTP
category to accommodate larger default values for FTP services,
additionally reference information has been added and improved
throughout the VRT Certified Rule Set.


Details:
As a result of ongoing research, the Sourcefire VRT has added multiple
rules to the spyware and backdoor rule sets to provide coverage for
emerging threats from these technologies.

A number of rules in the FTP rule category have been updated to
accommodate larger default values in some FTP services.

The VRT has also updated and added reference information throughout the
entire Sourcefire VRT Certified Rule Set.

For a complete list of new and modified rules:

http://www.snort.org/rules/docs/ruleset_changelogs/changes-2006-10-18.ht
ml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFFNqUfMpm0ve0NhMcRAv9SAJ0QLYKWSfVWR2vU0/azL4Bowa/iDQCgooOa
3PR6taVgZFnVslLJYSTYEaU=
=pGnz
-----END PGP SIGNATURE-----



------------------------------

Message: 2
Date: Fri, 29 Sep 2006 20:03:35 +1000
From: Adam Clinch <adam.clinch@gmail.com>
Subject: [Snort-sigs] False Positive
To: snort-sigs@lists.sourceforge.net
Message-ID: <451CEF77.2040301@gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:  
spyware-put.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"SPYWARE-PUT Adware hxdl runtime detection - crypt user-agent";
flow:to_server,established; content:"User-Agent|3A|"; nocase;
content:"CryptRetrieveObjectByUrl|3A 3A|InetSchemeProvider"; distance:0;
nocase;
pcre:"/^User-Agent\x3A[^\r\n]+CryptRetrieveObjectByUrl\x3A\x3AInetScheme
Provider/smi";
reference:url,www.spywareguide.com/product_show.php?id=516;
reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079;
classtype:misc-activity; sid:7555; rev:1;)

--
Sid:
7555 
--
Summary:
 This event is generated when activity relating to a spyware application
is detected. 
--
Impact:
 Unkown. Possible information disclosure, violation of privacy, possible
violation of policy.
--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:
Triggers on crl.microsoft.com


source addr       dest addr     Ver     Hdr Len         TOS     length
ID      flags 
offset  TTL     chksum
147.10.195.135 
<http://192.168.0.254/acid/acid_stat_ipaddr.php?ip=147.10.195.135&netmas
k=32> 
        131.107.115.28 
<http://192.168.0.254/acid/acid_stat_ipaddr.php?ip=131.107.115.28&netmas
k=32> 
        4       5       0       461     15547   0       0       64
44886

000 : 47 45 54 20 2F 70 6B 69 2F 63 72 6C 2F 70 72 6F   GET /pki/crl/pro
010 : 64 75 63 74 73 2F 43 6F 64 65 53 69 67 6E 50 43   ducts/CodeSignPC
020 : 41 2E 63 72 6C 20 48 54 54 50 2F 31 2E 30 0D 0A   A.crl HTTP/1.0..
030 : 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 55 73 65   Accept: */*..Use
040 : 72 2D 41 67 65 6E 74 3A 20 43 72 79 70 74 52 65   r-Agent: CryptRe
050 : 74 72 69 65 76 65 4F 62 6A 65 63 74 42 79 55 72   trieveObjectByUr
060 : 6C 3A 3A 49 6E 65 74 53 63 68 65 6D 65 50 72 6F   l::InetSchemePro
070 : 76 69 64 65 72 0D 0A 48 6F 73 74 3A 20 63 72 6C   vider..Host: crl
080 : 2E 6D 69 63 72 6F 73 6F 66 74 2E 63 6F 6D 0D 0A   .microsoft.com..
090 : 43 6F 6F 6B 69 65 3A 20 73 5F 6E 72 3D 31 31 35   Cookie: s_nr=115
0a0 : 38 39 38 38 31 37 36 35 35 30 3B 20 57 54 5F 46   8988176550; WT_F
0b0 : 50 43 3D 69 64 3D 31 34 37 2E 31 30 2E 31 39 35   PC=id=147.10.195
0c0 : 2E 31 33 35 2D 31 31 33 34 36 37 32 31 31 32 2E   .135-1134672112.
0d0 : 32 39 38 31 30 33 37 38 3A 6C 76 3D 31 31 35 38   29810378:lv=1158
0e0 : 39 32 33 33 35 37 38 32 30 3A 73 73 3D 31 31 35   923357820:ss=115
0f0 : 38 39 35 32 31 30 35 39 31 30 3B 20 4D 43 31 3D   8952105910; MC1=
100 : 47 55 49 44 3D 39 30 62 34 38 64 36 39 61 63 64   GUID=90b48d69acd
110 : 66 32 65 34 64 61 39 34 61 63 38 63 66 32 33 34   f2e4da94ac8cf234
120 : 61 62 33 61 39 26 48 41 53 48 3D 36 39 38 64 26   ab3a9&HASH=698d&
130 : 4C 56 3D 32 30 30 36 39 26 56 3D 33 3B 20 41 3D   LV=20069&V=3; A=
140 : 49 26 49 3D 41 78 55 46 41 41 41 41 41 41 43 57   I&I=AxUFAAAAAACW
150 : 42 77 41 41 7A 53 39 42 54 35 4A 4A 2B 39 6A 34   BwAAzS9BT5JJ+9j4
160 : 36 46 75 6C 6A 58 30 65 74 67 21 21 0D 0A 43 61   6FuljX0etg!!..Ca
170 : 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 6E 6F 2D   che-Control: no-
180 : 63 61 63 68 65 2C 20 6D 61 78 2D 61 67 65 3D 32   cache, max-age=2
190 : 35 39 32 30 30 0D 0A 0D 0A                        59200....


--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://sourceforge.net/mailarchive/forum.php?forum=snort-sigs/attachment
s/20060929/d1c0cb57/attachment.html 

------------------------------

Message: 3
Date: Wed, 4 Oct 2006 09:51:50 -0400
From: "East, Bill" <eastb@PFFCU.org>
Subject: [Snort-sigs] False postive SID 7100
To: <snort-sigs@lists.sourceforge.net>
Message-ID:
        <DB70207C75570343BD590F95BA86ADBC010D15E9@ccex0505.pffcu.org>

# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:  BACKDOOR mass connect 1.1 runtime detection - http

--
Sid: 7100

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives: Numara Software, makers of TrackIt! audit software,
also use the UtilMind useragent to pull down content. This is sufficient
to trigger the rule.

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:




------------------------------

Message: 4
Date: Tue, 17 Oct 2006 21:00:10 -0400 (EDT)
From: bleeding@bleedingthreats.net
Subject: [Snort-sigs] Bleeding Edge Threats Daily Update
To: snort-sigs@lists.sourceforge.net
Message-ID: <20061018010010.65F1A5502A1@gort.offsitefilter.com>
Content-Type: text/plain


[***] Results from Oinkmaster started Tue Oct 17 21:00:10 2006 [***]

[+++]          Added rules:          [+++]

 2003118 - BLEEDING-EDGE VIRUS SHELLCODE Shikata Ga Nai polymorphic
payload (bleeding-virus.rules)
 2003119 - BLEEDING-EDGE VIRUS SHELLCODE ADMutate polymorphic payload
(bleeding-virus.rules)
 2003120 - BLEEDING-EDGE POLICY Possible Image Spam Inbound (3)
(bleeding-policy.rules)
 2003121 - BLEEDING-EDGE docs.google.com Activity
(bleeding-policy.rules)
 2003122 - BLEEDING-EDGE Possible docs.google.com Activity
(bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2003118 - BLEEDING-EDGE POLICY Possible Image Spam Inbound (3)
(bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        # Submitted 2006-10-17 by Adam Nunn

     -> Added to bleeding-sid-msg.map (5):
        2003118 || BLEEDING-EDGE VIRUS SHELLCODE Shikata Ga Nai
polymorphic payload || url,toorcon.org/2006/conference.html?id=29
        2003119 || BLEEDING-EDGE VIRUS SHELLCODE ADMutate polymorphic
payload || url,toorcon.org/2006/conference.html?id=29
        2003120 || BLEEDING-EDGE POLICY Possible Image Spam Inbound (3)
        2003121 || BLEEDING-EDGE docs.google.com Activity ||
url,docs.google.com
        2003122 || BLEEDING-EDGE Possible docs.google.com Activity ||
url,docs.google.com

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2003118 || BLEEDING-EDGE POLICY Possible Image Spam Inbound (3)

     -> Removed from bleeding-virus.rules (2):
        #alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE
VIRUS SHELLCODE Shikata Ga Nai polymorphic payload";
classtype:shellcode-detect; dsize: >26; content: "|d9 74 24 f4|"; pcre:
"/[\x29\x2b\x31\x33]\xc9/sm"; pcre:
"/[\xd9-\xdb\xdd].{1,11}\xd9\x74\x24\xf4.{0,10}[\x58\x5a\x5b\x5d-\x5f]/s
m";  pcre:
"/([\x29\x2b\x31\x33\xb8\xba\xbb\xbe\xbf\xd9-\xdb\xdd][^\x00\xff][^\x00\
xff][^\x00][^\x00\xff][^\x00][^\x00\xff][^\x00\xff][^\x00][^\x00][^\x00]
[^\x00\xff][^\x00\xff][^\x00\xff][^\x00][^\x00][\x31\x83][\x42\x43\x46\x
47\x50\x53\x56-\x58\x5a\x5e\x5f\x70\x72\x73\x77\x78\x7a\x7b\x7e\xc0\xc2\
xc3\xc6\xc7\xe8\xea\xeb\xee\xef][\x04\x0e\x10\x12\x13\x15\x17\xfc][\x03\
x31\x83][\x42\x43\x46\x47\x50\x53\x56-\x58\x5a\x5e\x5f\x70\x72\x73\x77\x
78\x7a\x7b\x7e\xc0\xc2\xc3\xc6\xc7\xe8\xea\xeb\xee\xef][\x04\x0a\x0c\x0e
-\x13\x15\x17\xfc][\x03\x83]..[^\x1d\xe2][^\x0a\xf5])|([\x29\x2b\x31\x33
\xb8\xba\xbb\xbd-\xbf\xd9-\xdb\xdd][^\x00][^\x00][^\x00][^\x00][^\x00][^
\x00][^\x00][^\x00][\x24\
 
xb1\xd9-\xdb\xdd][^\x00][\x58\x5a\x5b\x5d-\x5f\xb8\xba\xbb\xbd-\xbf\xd9]
[^\x00][^\x00][^\x00][^\x00][\x31\x83][\x42\x43\x45-\x47\x50\x53\x55-\x5
8\x5a\x5d-\x5f\x68\x6a\x6b\x6e-\x70\x72\x73\x75\x77\x78\x7a\x7b\x7d\x7e\
xc0\xc2\xc3\xc5-\xc7\xe8\xea\xeb\xed-\xef][\x04\x0e\x12\x17\xfc][\x03\x3
1\x83][\x42\x43\x45-\x47\x50\x53\x55-\x58\x5a\x5d-\x5f\x68\x6a\x6b\x6e-\
x70\x72\x73\x75\x77\x78\x7a\x7b\x7d\x7e\xc0\xc2\xc3\xc5-\xc7\xe8\xea\xeb
\xed-\xef][\x04\x0a\x0e\x12\x13\x17\xfc][\x03\x83]..[^\xe2][^\xf5])/sm";
reference:url,toorcon.org/2006/conference.html?id=29; sid;2003118;
rev:1;)
        #alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE
VIRUS SHELLCODE ADMutate polymorphic payload";
classtype:shellcode-detect; dsize: >45; content: "|e8|"; content: "|ff
ff ff|"; distance: 1; within: 3; pcre:
"/\xeb[\x26-\x7a].{0,20}(\x5e|\x58\x96|\x58\x89\xc6|\x8b\x34\x24\x83\xec
\x04).{0,20}(((\xbb....|\x68....\x5b).{0,20}(\x31\xc9|\x31\xc0\x91))|((\
x31\xc9|\x31\xc0\x91).{0,20}(\xbb....|\x68....\x5b))).{0,20}(\xb1.|\x6a.
\x58\x89\xc1|\x6a.\x66\x59).{0,20}(\x31\x1e|\x93\x31\x06\x93|\x8b\x06\x0
9\xd8\x21\x1e\xf7\x16\x21\x06).{0,20}(\x46|\x83\xc6\x01|\x96\x40\x96).{0
,20}(\x46|\x83\xc6\x01|\x96\x40\x96).{0,20}(\x46|\x83\xc6\x01|\x96\x40\x
96).{0,20}(\x46|\x83\xc6\x01|\x96\x40\x96).{0,20}\xe2[\xa0-\xf9].{0,20}\
xeb[\x06-\x20].{0,20}\xe8[\x7f-\xff]\xff\xff\xff/sm";
reference:url,toorcon.org/2006/conference.html?id=29; sid;2003119;
rev:1;)




------------------------------

Message: 5
Date: Wed, 18 Oct 2006 21:00:09 -0400 (EDT)
From: bleeding@bleedingthreats.net
Subject: [Snort-sigs] Bleeding Edge Threats Daily Update
To: snort-sigs@lists.sourceforge.net
Message-ID: <20061019010009.474F155026A@gort.offsitefilter.com>
Content-Type: text/plain


[***] Results from Oinkmaster started Wed Oct 18 21:00:07 2006 [***]

[///]     Modified active rules:     [///]

 2001850 - BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer
Requested (1) (bleeding-malware.rules)
 2002093 - BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer
Requested (2) (bleeding-malware.rules)
 2002697 - BLEEDING-EDGE EXPLOIT CVSTrac filediff Arbitrary Remote Code
Execution (bleeding-exploit.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING
SOURCE (bleeding-botcc-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002692 - BLEEDING-EDGE CURRENT EVENTS Bagle.Gen HTTP Get Traffic -
Possible Infected Host (bleeding.rules)


[*] Non-rule line modifications: [*]
    None.




------------------------------

Message: 6
Date: Fri, 22 Sep 2006 15:57:43 -0700
From: Jay 'Whip' Grizzard <elfchief@lupine.org>
Subject: [Snort-sigs] Error in oracle rule...
To: snort-sigs@lists.sourceforge.net
Message-ID: <20060922225743.GK7734@zash.lupine.org>
Content-Type: text/plain; charset=us-ascii

I'm not certain where the right place to send bug reports in rules to
is,
and haven't been able to find specific data, so I'll try here.

I think that the oracle 'user name buffer overflow attempt' rule (sid
2650) 
is wrong and does not check for the correct string.

It currently reads (relevant snippet):

content:"|28|user="; nocase; isdataat:1000,relative; content:!"|22|";
within:1000

0x28 = (
0x22 = "

... which is basically saying to match on the string "(user=" if there's
not
a quote within the next thousand characters.

What I think it's *supposed* to do is to match if there's not a closing
parenthesis within the next thousand characters, since the string used
in actual requests is "(user=<username>)". 

So I think the rule should actually be (again, relevant snippet):

content:"|28|user="; nocase; isdataat:1000,relative; content:!"|29|";
within:1000

Thanks for your attention.

-jay



------------------------------

------------------------------------------------------------------------
-
Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


End of Snort-sigs Digest, Vol 5, Issue 8
****************************************

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.5/485 - Release Date:
10/19/2006
 
  

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.9/490 - Release Date:
10/20/2006
 


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] Snort Community Rules Update, info+lucretia.ca
Next by Date:  [Snort-sigs] Snort Community Rules Update, Sourcefire VRT
Previous by Thread:  [Snort-sigs] Rule Edit: COMMUNITY BOT GTBot ver command, Blake Hartstein
Next by Thread:  Re: [Snort-sigs] Help, Joel Esler
Indexes:  [Date] [Thread] [Top] [All Lists]