List: snort-sigs
Subject: [Snort-sigs] sid 497 commentary
From: Chris Green <cmg () uab ! edu>
Date: 2002-01-26 2:25:12
alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any
(msg:"ATTACK RESPONSES file copied ok";
content:"1 file(s) copied"; nocase;
flags:A+; classtype:bad-unknown; sid:497; rev:2;)
Remove the 1 from "1 file(s) ... " so that this will catch multiple
file copies.
--
Chris Green <cmg@uab.edu>
To err is human, to moo bovine.
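
Added example, not part of the original post or of the Snort project: a small Python emulation of `content` with `nocase` (a case-insensitive byte-substring search), run over constructed payloads, to show which copy counts the rev 2 string catches and what the trimmed string adds. The payloads, the names, and the exact trimmed string (leading space kept) are assumptions.

```python
# Added example: emulates Snort's `content` + `nocase` (case-insensitive
# byte-substring search) to compare sid 497's pattern with the trimmed one.

ORIGINAL = b"1 file(s) copied"   # content string from sid 497 rev 2
TRIMMED = b" file(s) copied"     # assumption: same string minus the leading "1"

# Constructed payloads shaped like cmd.exe `copy` output in an HTTP response.
SAMPLES = {
    "one_file": b"        1 file(s) copied.\r\n",
    "three_files": b"        3 file(s) copied.\r\n",
    "eleven_files": b"       11 file(s) copied.\r\n",
    "upper_case": b"        2 FILE(S) COPIED.\r\n",
    "failed_copy": b"Access is denied.\r\n        0 file(s) copied.\r\n",
    "benign_page": b"<html><body>Welcome</body></html>",
}


def content_match(payload: bytes, pattern: bytes, nocase: bool = True) -> bool:
    """Return True if pattern occurs anywhere in payload, as `content` does."""
    if nocase:
        payload, pattern = payload.lower(), pattern.lower()
    return pattern in payload


def fired(pattern: bytes) -> set:
    """Names of the sample payloads on which a rule with this content fires."""
    return {name for name, data in SAMPLES.items() if content_match(data, pattern)}


def compare() -> dict:
    """Alerts for each pattern, plus what trimming the pattern gains."""
    orig, trim = fired(ORIGINAL), fired(TRIMMED)
    return {"original": orig, "trimmed": trim, "gained": trim - orig}


if __name__ == "__main__":
    for key, names in compare().items():
        print(f"{key:9s} {sorted(names)}")
```

Because `content` is a substring match, the rev 2 string already fires on counts ending in 1 (11, 21, ...); the trimmed string also fires on "0 file(s) copied", which cmd.exe prints when a copy fails.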