
# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: rpc.rules,v 1.21 2001/11/28 22:08:19 cazz Exp $
#----------
# RPC RULES
#----------

# Rule body. $EXTERNAL_NET and $HOME_NET are not defined in this file; they are
# expected to be set by the configuration that includes it.
#
# Option keywords used below:
#   flags:A+            TCP ACK bit must be set, any other flag bits are allowed.
#   content:"|..|"      bytes between the bars are hex; text outside them is literal.
#   offset:N / depth:M  search for the content only in the M payload bytes starting at byte N.
#   dsize:>N            payload longer than N bytes.
#   rpc:prog,ver,proc   decode the RPC call and match program / version / procedure (* = any).
#   classtype / sid / rev   alert category, unique rule id, rule revision.
#
# The hex program numbers in the content options are the big-endian RPC program
# numbers used by the rpc: options further down (e.g. 0x0186F3 = 100083 ttdbserv,
# 0x00018799 = 100249 snmpXdmi).

# --- Exploit / overflow signatures against specific RPC services ---
# sid 569 anchors on the RPC header at offset 0 and the snmpXdmi program number at offset 16.
# NOTE(review): "flags:a+" is lowercase here while every other rule uses "A+" — confirm the
# parser treats the flag letters case-insensitively, otherwise normalise to "A+".
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC snmpXdmi overflow attempt"; flags:a+; content:"|8000 19a0|"; offset:0; depth:4; content:"|00018799|"; offset: 16; reference:bugtraq,2417; reference:cve,CAN-2001-0236; classtype:attempted-admin; sid:569; rev:1;)
# sids 570-572 cover the Solaris ttdbserv port range (32771:34000): 570 keys on a fixed byte
# sequence with dsize >999, 571 on the ttdbserv program number (0x0186F3) with dsize >999,
# 572 on the same program number anchored at offset 16 without the size check.
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC EXPLOIT ttdbserv solaris overflow"; content: "|C0 22 3F FC A2 02 20 09 C0 2C 7F FF E2 22 3F F4|"; flags: A+; dsize: >999; reference:bugtraq,122; reference:cve,CVE-1999-0003; reference:arachnids,242; classtype:attempted-admin; sid:570; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC EXPLOIT ttdbserv Solaris overflow"; flags: A+; dsize: >999; content: "|00 01 86 F3 00 00 00 01 00 00 00 0F 00 00 00 01|"; reference:bugtraq,122; reference:cve,CVE-1999-0003; reference:arachnids,242; classtype:attempted-admin; sid:571; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771:34000 (msg:"RPC DOS ttdbserv solaris"; flags: A+; content: "|00 01 86 F3 00 00 00 01 00 00 00 0F 00 00 00 01|";offset: 16; depth: 32; reference:bugtraq,122; reference:arachnids,241; reference:cve,CVE-1999-0003; classtype:attempted-dos; sid:572; rev:2;)
# sid 573: amd on ports 634:1400, content searched only within the first 32 payload bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 634:1400 (msg:"RPC AMD Overflow"; flags: A+; content: "|80 00 04 2C 4C 15 75 5B 00 00 00 00 00 00 00 02|";depth: 32; reference:arachnids,217; classtype:attempted-admin; sid:573; rev:1;)
# sid 574: mountd program number (0x0186A5, see the portmap rules below) on high ports.
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771: (msg:"RPC NFS Showmount"; flags: A+; content: "|00 01 86 A5 00 00 00 01 00 00 00 05 00 00 00 01|"; offset: 16; depth: 32; reference:arachnids,26; classtype:attempted-recon; sid:574; rev:1;)

# --- Portmap (port 111) request decoding ---
# One UDP and one TCP rule per service; the content is the low three bytes of the
# requested program number plus two zero bytes, searched in payload bytes 40-47.
# Most pairs follow the convention 5xx sid = UDP, 12xx sid = TCP.
# NOTE(review): the TCP variants reuse the UDP offset:40. An RPC call over TCP carries a
# 4-byte record-marking header before the message, which would shift the program-number
# field by four bytes; confirm the TCP rules (sids 1262-1276) actually fire, or whether
# they need offset:44 instead.
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request admind"; content:"|01 86 F7 00 00|";offset:40;depth:8; reference:arachnids,18; classtype:rpc-portmap-decode; sid:575; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request admind"; content:"|01 86 F7 00 00|";offset:40;depth:8; reference:arachnids,18; classtype:rpc-portmap-decode; flags:A+; sid:1262; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request amountd"; content:"|01 87 03 00 00|";offset:40;depth:8; reference:arachnids,19;classtype:rpc-portmap-decode; sid:576; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request amountd"; content:"|01 87 03 00 00|";offset:40;depth:8; reference:arachnids,19; classtype:rpc-portmap-decode; flags:A+; sid:1263; rev:3;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request bootparam"; content:"|01 86 BA 00 00|";offset:40;depth:8; reference:arachnids,16; classtype:rpc-portmap-decode; sid:577; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request bootparam"; content:"|01 86 BA 00 00|";offset:40;depth:8; reference:arachnids,16; classtype:rpc-portmap-decode; flags:A+; sid:1264; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17; classtype:rpc-portmap-decode; sid:578; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17; classtype:rpc-portmap-decode; flags:A+; sid:1265; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request mountd"; content:"|01 86 A5 00 00|";offset:40;depth:8; reference:arachnids,13; classtype:rpc-portmap-decode; sid:579; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request mountd"; content:"|01 86 A5 00 00|";offset:40;depth:8; reference:arachnids,13; classtype:rpc-portmap-decode; flags:A+; sid:1266; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request nisd"; content:"|01 87 cc 00 00|";offset:40;depth:8; reference:arachnids,21; classtype:rpc-portmap-decode; sid:580; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request nisd"; content:"|01 87 cc 00 00|";offset:40;depth:8; reference:arachnids,21; classtype:rpc-portmap-decode; flags:A+; sid:1267; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request pcnfsd"; content:"|02 49 f1 00 00|";offset:40;depth:8; reference:arachnids,22; classtype:rpc-portmap-decode; sid:581; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request pcnfsd"; content:"|02 49 f1 00 00|";offset:40;depth:8; reference:arachnids,22; classtype:rpc-portmap-decode; flags:A+; sid:1268; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rexd";content:"|01 86 B1 00 00|";offset:40;depth:8; reference:arachnids,23; classtype:rpc-portmap-decode; sid:582; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rexd";content:"|01 86 B1 00 00|";offset:40;depth:8; reference:arachnids,23; classtype:rpc-portmap-decode; flags:A+; sid:1269; rev:2;)
# NOTE(review): the rstatd pair (583/1270) has no offset/depth, so the five bytes are searched
# over the whole payload; this is wider than the sibling rules and more prone to chance
# matches — confirm the relaxation (rev:3) is intentional.
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rstatd"; content: "|01 86 A1 00 00|"; reference:arachnids,10; classtype:rpc-portmap-decode; sid:583; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rstatd"; content: "|01 86 A1 00 00|"; reference:arachnids,10; classtype:rpc-portmap-decode; flags:A+; sid:1270; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rusers"; content:"|01 86 A2 00 00|";offset:40;depth:8; reference:arachnids,133; classtype:rpc-portmap-decode; flags:A+; sid:1271; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request rusers"; content:"|01 86 A2 00 00|";offset:40;depth:8; reference:arachnids,133; classtype:rpc-portmap-decode; sid:584; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request sadmind"; content:"|01 87 88 00 00|";offset:40;depth:8; reference:arachnids,20; classtype:rpc-portmap-decode; flags:A+; sid:1272; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request sadmind"; content:"|01 87 88 00 00|";offset:40;depth:8; reference:arachnids,20; classtype:rpc-portmap-decode; sid:585; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request selection_svc"; content:"|01 86 AF 00 00|";offset:40;depth:8; reference:arachnids,25; classtype:rpc-portmap-decode; sid:586; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request selection_svc"; content:"|01 86 AF 00 00|";offset:40;depth:8; reference:arachnids,25; classtype:rpc-portmap-decode; flags:A+; sid:1273; rev:2;)
# status (sid 587) has only a UDP rule; there is no TCP counterpart in this file.
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request status"; content:"|01 86 B8 00 00|";offset:40;depth:8; reference:arachnids,15; classtype:rpc-portmap-decode; sid:587; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ttdbserv"; content:"|01 86 F3 00 00|";offset:40;depth:8; reference:arachnids,24; classtype:rpc-portmap-decode; sid:588; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ttdbserv"; content:"|01 86 F3 00 00|";offset:40;depth:8; reference:arachnids,24; classtype:rpc-portmap-decode; flags:A+; sid:1274; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswd"; content:"|01 86 A9 00 00|";offset:40;depth:8; reference:arachnids,14; classtype:rpc-portmap-decode; sid:589; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswd"; content:"|01 86 A9 00 00|";offset:40;depth:8; reference:arachnids,14; classtype:rpc-portmap-decode; flags:A+; sid:1275; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypserv"; content:"|01 86 A4 00 00|";offset:40;depth:8; reference:arachnids,12; classtype:rpc-portmap-decode; flags:A+; sid:1276; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypserv"; content:"|01 86 A4 00 00|";offset:40;depth:8; reference:arachnids,12; classtype:rpc-portmap-decode; sid:590; rev:2;)
# NOTE(review): the ypupdated pair is numbered the other way round from every other pair
# (1277 = UDP, 591 = TCP); harmless at runtime but worth checking against the sid registry.
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypupdated"; content:"|01 86 BC 00 00|";offset:40;depth:8; reference:arachnids,125; classtype:rpc-portmap-decode; sid:1277; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request ypupdated"; flags:A+; content:"|01 86 BC 00 00|";offset:40;depth:8; reference:arachnids,125; classtype:rpc-portmap-decode; sid:591; rev:3;)

# --- Direct rstatd queries on high ports (not via the portmapper) ---
# Matches the rstatd program number (0x0186A1) preceded by zero words, from offset 5 onwards.
alert udp $EXTERNAL_NET any -> $HOME_NET 32770: (msg:"RPC rstatd query"; content:"|00 00 00 00 00 00 00 02 00 01 86 A1|";offset:5; reference:arachnids,9;classtype:attempted-recon; sid:592; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32770: (msg:"RPC rstatd query"; flags:A+; content:"|00 00 00 00 00 00 00 02 00 01 86 A1|";offset:5; reference:arachnids,9;classtype:attempted-recon; sid:1278; rev:1;)

# --- Portmap requests matched with the rpc: decoder instead of raw content ---
# rpc:PROG,*,* matches any version and procedure of the given program number, so these
# are independent of the byte offset caveat noted above.
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request tooltalk"; flags:A+; rpc:100083,*,*; reference:cve,CAN-2001-0717; classtype:rpc-portmap-decode; sid:1298; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request tooltalk"; rpc:100083,*,*; reference:cve,CAN-2001-0717; classtype:rpc-portmap-decode; sid:1299; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request snmpXdmi"; flags:A+; rpc:100249,*,*; reference:bugtraq,2417; classtype:rpc-portmap-decode; sid:593; rev:4;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request snmpXdmi"; rpc:100249,*,*; reference:bugtraq,2417; classtype:rpc-portmap-decode; sid:1279; rev:3;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request espd"; rpc:391029,*,*; reference:cve,CAN-2001-0331; classtype:rpc-portmap-decode; sid:594; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request espd"; rpc:391029,*,*; flags:A+; reference:cve,CAN-2001-0331; classtype:rpc-portmap-decode; sid:595; rev:4;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswdd"; rpc:100009,*,*; reference:bugtraq,2763; classtype:rpc-portmap-decode; sid:1296; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswdd"; rpc:100009,*,*; flags:A+; reference:bugtraq,2763; classtype:rpc-portmap-decode; sid:1297; rev:4;)

# --- Portmapper dump / listing ---
# Program 100000 is the portmapper itself. The content form encodes program 100000
# (0x000186A0), version 2, procedure 4 (the DUMP call that lists registered services).
# Ports 111 and 32771 are both covered, in rpc: and raw-content form, for UDP and TCP.
alert tcp $EXTERNAL_NET any -> $HOME_NET 111   (msg:"RPC portmap listing"; flags: A+; rpc: 100000,*,*;reference:arachnids,429; classtype:rpc-portmap-decode; sid:596; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"RPC portmap listing"; flags: A+; rpc: 100000,*,*;reference:arachnids,429; classtype:rpc-portmap-decode; sid:597; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 111   (msg:"RPC portmap listing"; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:rpc-portmap-decode; sid:1280; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 111   (msg:"RPC portmap listing"; flags:A+; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:rpc-portmap-decode; sid:598; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"RPC portmap listing"; flags:A+; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:rpc-portmap-decode; sid:599; rev:3;)
alert udp $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"RPC portmap listing"; content: "|00 01 86 A0 00 00 00 02 00 00 00 04|"; reference:arachnids,429; classtype:rpc-portmap-decode; sid:1281; rev:2;)

# --- statdx ---
# Mixed text/hex content ("/bin", three raw bytes, "/sh") searched over any port and the
# whole payload; the content string must be kept byte-exact.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC EXPLOIT statdx"; flags: A+; content: "/bin|c74604|/sh";reference:arachnids,442; classtype:attempted-admin; sid:600; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC EXPLOIT statdx"; content: "/bin|c74604|/sh";reference:arachnids,442; classtype:attempted-admin; sid:1282; rev:1;)