Dailydave mailing list archives

Re: Testing the quickness of signature writers
From: Brian Caswell <bmc () snort org>
Date: Mon, 1 May 2006 20:59:37 -0400

On May 1, 2006, at 5:58 PM, Dave Aitel wrote:
> So this is our basic IDS tester of the week. It's in the April CANVAS
> release (that's today), and my bet is that NO IDS detects it, since
> none of them were brave enough to send me a VM to test. But now
> everyone has it, so we'll see if they have the ability to quickly pump
> out a signature. It's an easier test than the previous one, so we
> expect par time of less than one week. Less than one day is considered
> a birdie. :>

If only the wife didn't expect me to eat dinner with the family, then help the girls with their homework.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP horde help module arbitrary command execution attempt"; flow:established,to_server; uricontent:"/services/help/"; pcre:"/[\? \x3b\x26]module=[a-zA-Z0-9]*[^\x3b\x26]/U"; classtype:web-application-attack;)

Brian
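
A small Python model of the rule above, added here as an illustration and not part of the original post: it applies the rule's uricontent and pcre checks to constructed request URIs so you can see which shapes of the module parameter make it fire. Percent-decoding stands in for Snort's URI normalization (an assumption), and the flow keywords are not modelled.

```python
import re
from urllib.parse import unquote

# The two payload checks from the rule above, copied as they appear on the page.
URICONTENT = "/services/help/"
PCRE = re.compile(r"[\? \x3b\x26]module=[a-zA-Z0-9]*[^\x3b\x26]")

def normalize(uri: str) -> str:
    # Assumption: percent-decoding approximates the normalized URI buffer
    # that uricontent and the pcre /U modifier inspect.
    return unquote(uri)

def matched_text(uri: str):
    """Return the text the pcre consumed, or None if the rule would not fire."""
    decoded = normalize(uri)
    if URICONTENT not in decoded:
        return None
    hit = PCRE.search(decoded)
    return hit.group(0) if hit else None

def rule_matches(uri: str) -> bool:
    return matched_text(uri) is not None

# Constructed request URIs (not captured traffic).
SAMPLES = [
    "/services/help/?module=horde&show=about",  # plain alphanumeric value
    "/services/help/?show=about&module=x%2Fy",  # encoded non-alphanumeric char
    "/services/help/?module=&show=about",       # empty value before '&'
    "/services/help/?module=",                  # empty value at end of URI
    "/services/help/?xmodule=horde",            # 'module=' not at a parameter start
    "/index.php?module=horde",                  # different path
]

if __name__ == "__main__":
    for uri in SAMPLES:
        hit = matched_text(uri)
        verdict = "ALERT" if hit is not None else "no alert"
        print(f"{verdict:9} {uri}  matched={hit!r}")
```

Because `[a-zA-Z0-9]*` can give back its last character to the closing `[^\x3b\x26]`, any non-empty module value matches, including a purely alphanumeric one.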

