Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] Crusoe Researches offer new rule for detecting IE html

from [rmkml] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] Crusoe Researches offer new rule for detecting IE html Style crashie vulnerability
Date: Fri, 29 Feb 2008 10:04:11 +0100 (CET) 
and exceptionnaly, Crusoe Researches temporarily publish exploit for remote 
testing your idps solution ... :
  http://www.Crusoe-Researches.com/iecrash.html
Another vulnerability (and rules for detect and blocking) is available 
Commercially ...
If your existing proxy/ids/ips/hids solution not detect/block: contact me ...
Regards
Rmkml

On Fri, 29 Feb 2008, rmkml wrote:


Date: Fri, 29 Feb 2008 09:27:00 +0100 (CET)
From: rmkml <rmkml@free.fr>
To: Snort-sigs@lists.sourceforge.net
Cc: contact@Crusoe-Researches.com
Subject: [Snort-sigs] Crusoe Researches offer new rule for detecting IE html
    Style crashie vulnerability

Hi,

Crusoe Researches offering a new rule for detecting IE html Style crashie 
vulnerability (related to ICQ):

http://www.Crusoe-Researches.com/en/iehtmlstylecrashievulnerability.txt

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact@Crusoe-Researches.com
=> Crusoe Researches have more than 2626 UNIQ 'snort' rules for Commercial 
Access
        (Contact me directly if you are interested)

Crusoe Researches support Bro idps project format rules 
(http://www.bro-ids.org/):
signature sid-92626 {
  ip-proto == tcp
  event "WEB-CLIENT IE html style * position relative DoS attempt"
  tcp-state established,responder
  payload 
/.*\<[sS][tT][yY][lL][eE][^a-zA-Z0-9](.){0,10}*(.){0,15}[pP][oO][sS][iI][tT][iI][oO][nN](.){0,15}[rR][eE][lL][aA][tT][iI][vV][eE](.){0,15}<\/style/
  }


Azwalaro new nidps open source project (WireShark based)
 http://www.Crusoe-Researches.com/azwalaro/
 azwalaro@Crusoe-Researches.com
http matches 
"(?i)<style[^a-z0-9](.){0,10}\\*(.){0,15}position(.){0,15}relative(.){0,15}</style"

Regards
Rmkml

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Crusoe Researches offer new rule for detecting IE html Style crashie vulnerability, rmkml
Next by Date:  [Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Previous by Thread:  [Snort-sigs] Crusoe Researches offer new rule for detecting IE html Style crashie vulnerability, rmkml
Indexes:  [Date] [Thread] [Top] [All Lists]