
List:       snort-sigs
Subject:    [Snort-sigs] Crusoe Researches offer new rule for detecting Sun Web
From:       rmkml <rmkml () free ! fr>
Date:       2008-11-09 22:10:16
Message-ID: alpine.NEB.2.00.0811092243380.3309 () znpzvav

Hi,

Crusoe Researches is offering a new rule for detecting Sun Web Proxy Server HTTP Vary header overflow attempts:
http://www.Crusoe-Researches.com/en/sunwebproxyserverhttpvaryheaderoverflow.txt
Remember to adjust the src port!

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact@Crusoe-Researches.com
=> Crusoe Researches have more than 3589 UNIQ 'snort' rules for Commercial Access
           (Contact me directly if you are interested)

Crusoe Researches support Bro idps v1.4.0 project format rules
(http://www.bro-ids.org/):
signature sid-93588 {
   ip-proto == tcp
   src-port == http_ports
   event "WEB-CLIENT Sun Web Proxy Server Vary header overflow attempt"
   tcp-state established,responder
   # CR or LF, then a Vary header followed by at least 100 non-newline characters
   payload /.*[\x0d\x0a]Vary\:[^\n]{100}/
}

Azwalaro new nidps open source project (WireShark based)
   http://www.Crusoe-Researches.com/azwalaro/
   azwalaro@Crusoe-Researches.com
   http matches "^Vary\:[^\r\n]{100}"

Regards
Rmkml
Crusoe-Researches.com
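
Added example, not part of the original message or of Crusoe Researches' rules: a header-aware version of the same check, run beside the post's payload regex (with the stray '|' dropped from the character class) on constructed HTTP responses. The function names and sample responses are assumptions made for illustration.

```python
import re

# Payload regex from the Bro signature in the post ('|' dropped from the class).
# Applied to the whole byte string here, as a stand-in for raw payload matching.
POST_RE = re.compile(rb"[\r\n]Vary:[^\n]{100}")
LIMIT = 100  # length threshold used by both rules in the post


def long_vary_headers(response: bytes, limit: int = LIMIT):
    """Return Vary header values with at least `limit` bytes after the colon."""
    head = response.split(b"\r\n\r\n", 1)[0]      # header block only, not the body
    hits = []
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        # HTTP header names are case-insensitive, so normalise before comparing.
        if sep and name.strip().lower() == b"vary" and len(value) >= limit:
            hits.append(value)
    return hits


def build_response(header_line: bytes, body: bytes = b"ok") -> bytes:
    """Build a constructed server response carrying one extra header line."""
    return (b"HTTP/1.1 200 OK\r\nServer: example\r\n" + header_line +
            b"\r\nContent-Length: " + str(len(body)).encode() +
            b"\r\n\r\n" + body)


# Constructed samples (not captured traffic).
SAMPLES = {
    "normal": build_response(b"Vary: Accept-Encoding"),
    "long": build_response(b"Vary: " + b"A" * 120),
    "lowercase": build_response(b"vary: " + b"A" * 120),
    "in_body": build_response(b"Vary: Accept-Encoding",
                              body=b"x\r\nVary: " + b"A" * 120),
}


def compare(samples=SAMPLES):
    """Map sample name -> (header-aware check fired, post's regex fired)."""
    return {name: (bool(long_vary_headers(resp)), bool(POST_RE.search(resp)))
            for name, resp in samples.items()}


if __name__ == "__main__":
    for name, (parsed, regex) in compare().items():
        print(f"{name:10s} header-aware={parsed!s:5s} payload-regex={regex}")
```

The two checks agree on the ordinary and the over-long header; they differ where the header name is not capitalised as in the rule and where a matching line appears only in the response body.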
