Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] HELP: More explanation for sid:10135

from [rmkml] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] HELP: More explanation for sid:10135
Date: Wed, 5 Dec 2007 20:23:57 +0100 (CET) 
Hi Rachmat,


flow:established,to_server;


require tcp session established


content:"GET"; nocase;


search single word GET without case


content:"FTP|3A|//"; nocase;


search single FTP://


pcre:"/ftp\x3A\x2F\x2F[\w\x2E\x2F]+[^\x2F]\x3Btype=D/i";


ftp://
and [*word*./]+ (repeated one or more)
and [^/]
and ;type=D
without case

and find exploit example on this url:
  http://www.securityfocus.com/bid/22079/exploit
exploit on bid22079:
  ftp://www.example.com/sample/directory;type=d

and many information on squid bugzilla :
  http://www.squid-cache.org/bugs/show_bug.cgi?id=1857

Best Regards
Rmkml
Crusoe Researches
http://www.Crusoe-Researches.com

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Sourcefire VRT Certified Snort Rules Update, research
Next by Date:  Re: [Snort-sigs] HELP: More explanation for sid:10135, Joel Esler
Previous by Thread:  [Snort-sigs] HELP: More explanation for sid:10135, Rachmat Hidayat Al Anshar
Next by Thread:  Re: [Snort-sigs] HELP: More explanation for sid:10135, Joel Esler
Indexes:  [Date] [Thread] [Top] [All Lists]