
List:       snort-cvs
Subject:    [snort-cvs] CVS: snort telnet.rules,1.9,1.10
From:       Martin Roesch <roesch () users ! sourceforge ! net>
Date:       2001-07-25 3:27:28

Update of /cvsroot/snort/snort
In directory usw-pr-cvs1:/tmp/cvs-serv27953

Modified Files:
	telnet.rules 
Log Message:
* yes, I did invent the language and I'm capable of writing rules in it...


Index: telnet.rules
===================================================================
RCS file: /cvsroot/snort/snort/telnet.rules,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** telnet.rules	2001/07/25 03:13:20	1.9
--- telnet.rules	2001/07/25 03:27:26	1.10
***************
*** 15,18 ****
  alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET login incorrect"; \
content:"Login incorrect"; flags: A+; reference:arachnids,127; classtype:bad-unknown; \
sid:718; rev:1;)  alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET root \
                login"; content:"login\: root"; flags: A+; classtype:bad-unknown; \
                sid:719; rev:1;)
! alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (flags: A+; content: "|0D0A|[Yes]|0D0A \
FFFE 08FF FD26|"; msg: "TESO *BSD Telnet exploit query response"; classtype: \
attempted-admin; sid: 1252; rev: 1; reference: bugtraq,3064; \
                reference:cve,CAN-2001-0554)
! alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (flags: A+; dsize: >200; content: "|FF \
F6 FF F6 FF FB 08 FF F6|; offset: 200; depth: 50; msg: "TESO *BSD Telnet client \
exploit finishing"; classtype: successful-admin; sid: 1253; rev: 1; reference: \
                bugtraq,3064; reference:cve,CAN-2001-0554)
--- 15,18 ----
  alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET login incorrect"; \
content:"Login incorrect"; flags: A+; reference:arachnids,127; classtype:bad-unknown; \
sid:718; rev:1;)  alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET root \
                login"; content:"login\: root"; flags: A+; classtype:bad-unknown; \
                sid:719; rev:1;)
! alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (flags: A+; content: "|0D0A|[Yes]|0D0A \
FFFE 08FF FD26|"; msg: "TESO *BSD Telnet exploit query response"; classtype: \
attempted-admin; sid: 1252; rev: 1; reference: bugtraq,3064; \
                reference:cve,CAN-2001-0554;)
! alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (flags: A+; dsize: >200; content: "|FF \
F6 FF F6 FF FB 08 FF F6|"; offset: 200; depth: 50; msg: "TESO *BSD Telnet client \
exploit finishing"; classtype: successful-admin; sid: 1253; rev: 1; reference: \
bugtraq,3064; reference:cve,CAN-2001-0554;)
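Review bot: sid 1252 and sid 1253 both keep rev: 1 in the new side of this hunk even though their rule text changed, so anyone who already pulled 1.9 cannot tell the two forms apart by sid and rev. The visible changes are the closing quote added after `FF F6|` in the content string of sid 1253 and the `;` added before the closing `)` in both rules. If 1.9 reached any users, bump both to rev: 2. The log message would also be more useful to later readers if it named those two syntax fixes.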


_______________________________________________
Snort-cvsinfo mailing list
Snort-cvsinfo@lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/snort-cvsinfo

