Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/s2b/snort_rules2.2/pop2.rules

11 lines
1 KiB
Text
Raw Blame History

# (C) Copyright 2001-2004, Martin Roesch, Brian Caswell, et al.
# All rights reserved.
# $Id: pop2.rules 91 2004-07-15 08:13:57Z rwinslow $
#--------------
# POP2 RULES
#--------------
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"POP2 FOLD overflow attempt"; flow:established,to_server; isdataat:256,relative; content:"FOLD"; pcre:"/^FOLD\s[^\n]{256}/smi"; reference:bugtraq,283; reference:cve,1999-0920; classtype:attempted-admin; sid:1934; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"POP2 FOLD arbitrary file attempt"; flow:established,to_server; pcre:"/^FOLD\s+\//smi"; content:"FOLD"; classtype:misc-attack; sid:1935; rev:4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"POP2 x86 Linux overflow"; flow:established,to_server; content:"|EB|,[|89 D9 80 C1 06|9|D9 7C 07 80 01|"; classtype:attempted-admin; sid:284; rev:6;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"POP2 x86 Linux overflow"; flow:established,to_server; content:"|FF FF FF|/BIN/SH|00|"; classtype:attempted-admin; sid:285; rev:6;)
Reference in a new issue View git blame Copy permalink