
snort-1.8.3-4mdk.i586.rpm

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: tftp.rules,v 1.2 2001/10/29 01:52:54 roesch Exp $
#-----------
# TFTP RULES
#-----------
#
# These signatures are based on TFTP traffic.  These include malicious files
# that are distributed via TFTP and various TFTP commands that are generally
# thought of as 'bad'.
#

# All four rules inspect UDP traffic addressed to port 69 (TFTP).  Only the
# initial read/write request of a TFTP session is sent to port 69; the data
# transfer continues on other ports, so these rules see the request packet.

# sid:1289 - request naming the file "Admin.dll" in "octet" mode.  The hex
# content decodes to the ASCII bytes "Admin.dll", a NUL terminator, then
# "octet".  The rule references CERT advisory CA-2001-26.
# Unlike the rules below it uses "any any -> any 69", so it also fires on
# internal-to-internal and outbound requests, not just inbound ones.
# NOTE(review): there is no nocase keyword, so a request spelling the name
# with different letter case, or using a transfer mode other than "octet",
# does not match - confirm that is acceptable for your coverage.
alert udp any any -> any 69 (msg:"TFTP GET Admin.dll"; content: "|41 64 6D 69 6E 2E 64 6C 6C 00 6F 63 74 65 74|"; classtype:successful-admin; reference:url,www.cert.org/advisories/CA-2001-26.html; sid:1289; rev:1;)

# sid:518 - any TFTP write request from $EXTERNAL_NET to $HOME_NET.
# depth:2 restricts the match to the first two payload bytes, 00 02, which
# is the WRQ opcode.  It alerts on every inbound write regardless of the
# file name, so expect alerts wherever external TFTP uploads are legitimate.
alert udp $EXTERNAL_NET any -> $HOME_NET 69 (msg:"TFTP Write"; content:"|00 02|"; depth:2; reference:cve,CVE-1999-0183; reference:arachnids,148; classtype:bad-unknown; sid:518; rev:2;)

# sid:519 - inbound packet to port 69 containing ".." anywhere in the
# payload (no offset or depth is set).  Intended to catch parent-directory
# traversal in the requested file name.
# NOTE(review): any file name with two consecutive dots matches, including
# harmless ones, and the opcode is not checked - treat as a low-fidelity
# signal and confirm against the requested path.
alert udp $EXTERNAL_NET any -> $HOME_NET 69 (msg:"TFTP parent directory"; content:".."; reference:arachnids,137; reference:cve,CVE-1999-0183; classtype:bad-unknown; sid:519; rev:1;)

# sid:520 - inbound packet containing the bytes 00 01 (the RRQ opcode)
# immediately followed by "/", i.e. a read request whose file name starts
# at the filesystem root.
# NOTE(review): no depth is set, so the three-byte sequence matches at any
# position in the payload rather than only at the start of the packet;
# anchoring it (for example with depth:3) would tie it to the opcode field.
# Write requests (opcode 00 02) with an absolute path are not covered here.
alert udp $EXTERNAL_NET any -> $HOME_NET 69 (msg:"TFTP root directory"; content:"|0001|/"; reference:arachnids,138; reference:cve,CVE-1999-0183; classtype:bad-unknown; sid:520; rev:2;)