[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: [Snort-sigs] typos in info.rules
From: Erik Fichtner <emf () servervault ! com>
Date: 2001-07-10 21:49:33
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
in info.rules (from cvs):
alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"FTP Bad login"; content:"Login \
failed."; nocase; flags:A+; flags:A+; classtype:bad-unknown; sid:491; rev:1;) alert \
tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET Bad Login"; flags: A+; content: \
"530 Login "; flags:A+; classtype:bad-unknown; sid:492; rev:1;)
The content:'s are wrong in these two rules.
Bad ftp logins are "530 Login incorrect" not "Login failed."
Most telnet servers return "Login incorrect", not "Login failed." either.
- --
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7S3hsQ7EzrewLMS0RAhlCAKCYGZjwVOP3ziSJ4A5NQWF6g6GftQCeJUt8
5vG/9r1mP7EVwoZLqqTpaNI=
=N6pb
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic