[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    [Snort-sigs] SID 1651
From:       Dan Hanson <dhanson () securityfocus ! com>
Date:       2002-08-29 20:59:27
[Download RAW message or body]

snortrulescurrent-020829/web-cgi.rules:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"WEB-CGI enivorn.pl access"; flow:to_server,established;
uricontent:"/enivron.pl"; nocase; classtype:web-application-activity;
sid:1651;  rev:3;)

Seems to me that this rule is in desperate need of a spell checker. As far
as I can tell, there does not exist a perl script archived by google that
answers to the name of "enivorn.pl" or "enivron.pl".

My conclusion is that this SHOULD be environ.pl of which there are
numerous scripts by that name. Is there one in particular that this rule
should be looking for?

--
Dan Hanson
TMS Threat Analyst



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[prev in list] [next in list] [prev in thread] [next in thread]