List: snort-sigs
Subject: [Snort-sigs] Crusoe Researches offer new rule for detecting Sun Web
From: rmkml <rmkml () free ! fr>
Date: 2008-11-09 22:10:16
Message-ID: alpine.NEB.2.00.0811092243380.3309 () znpzvav
Hi,
Crusoe Researches is offering a new rule for detecting Sun Web Proxy Server HTTP Vary header overflow attempt:
http://www.Crusoe-Researches.com/en/sunwebproxyserverhttpvaryheaderoverflow.txt
Remember to adjust the src port!
Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact@Crusoe-Researches.com
=> Crusoe Researches have more than 3589 UNIQ 'snort' rules for Commercial Access
(Contact me directly if you are interested)
Crusoe Researches support Bro idps v1.4.0 project format rules
(http://www.bro-ids.org/):
signature sid-93588 {
  ip-proto == tcp
  src-port == http_ports
  event "WEB-CLIENT Sun Web Proxy Server Vary header overflow attempt"
  tcp-state established,responder
  # CR or LF, then "Vary:" followed by 100 non-newline characters
  payload /.*[\x0d\x0a]Vary\:[^\n]{100}/
}
Azwalaro new nidps open source project (WireShark based)
http://www.Crusoe-Researches.com/azwalaro/
azwalaro@Crusoe-Researches.com
http matches "^Vary\:[^\r\n]{100}"
Regards
Rmkml
Crusoe-Researches.com
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
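
An added example (not part of the original post or of Crusoe Researches' rule set): the 100-character Vary threshold from the rules above, applied to constructed HTTP responses with both a raw-payload regex and a header-block parser. The function names and sample responses are assumptions made for illustration.

```python
import re

VARY_LIMIT = 100  # threshold used by both rules in the post

# Python rendering of the Bro payload pattern: CR or LF, "Vary:", 100 non-LF bytes.
SIG_RE = re.compile(rb"[\r\n]Vary:[^\n]{%d}" % VARY_LIMIT)

def signature_match(payload):
    """Raw-payload match, the way a byte-stream signature sees the response."""
    return SIG_RE.search(payload) is not None

def long_vary_headers(payload, limit=VARY_LIMIT):
    """Lengths of Vary values >= limit, looking only at the header block.

    Header names are compared case-insensitively, as HTTP defines them.
    """
    head, _, _ = payload.partition(b"\r\n\r\n")
    hits = []
    for line in head.split(b"\r\n")[1:]:  # [1:] skips the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"vary" and len(value) >= limit:
            hits.append(len(value))
    return hits

def response(headers, body=b""):
    """Build a constructed HTTP response for the samples below."""
    return b"HTTP/1.1 200 OK\r\n" + headers + b"\r\n\r\n" + body

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "normal": response(b"Server: x\r\nVary: Accept-Encoding"),
    "long_vary": response(b"Server: x\r\nVary: " + b"A" * 150),
    # Long "Vary:" line inside the body only, e.g. a text document about headers.
    "body_only": response(b"Content-Type: text/plain", b"notes\r\nVary:" + b"B" * 150),
}

def evaluate(samples=SAMPLES):
    """Return {name: (raw signature hit, oversized Vary header lengths)}."""
    return {n: (signature_match(p), long_vary_headers(p)) for n, p in samples.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The `body_only` sample is flagged by the raw pattern but not by the header parser, which is the false-positive case to expect when a byte-stream rule is not anchored to the header block.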