
snort-1.8.3-4mdk.i586.rpm

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: web-frontpage.rules,v 1.12 2001/10/29 01:52:54 roesch Exp $
#--------------------
# WEB-FRONTPAGE RULES
#--------------------

# fp30reg.dll / fp4areg.dll (references on these rules: bugtraq 2906, CAN-2001-0341).
# Every rule in this file inspects traffic from $EXTERNAL_NET to $HTTP_SERVERS
# on destination port 80 only; HTTP services on other ports are not covered.
# "flags: A+" requires the ACK bit, with any other TCP flags also allowed.
#
# SIDs 1246 and 1247 are the "overflow attempt" signatures: the same URI match
# as the access rules below plus a lower bound on payload size (dsize >258 and
# >259 respectively; the two thresholds differ by one byte).
# NOTE(review): dsize tests the payload size of the packet being inspected, so
# a long request delivered in small TCP segments may not satisfy it. Confirm
# against the sensor's stream handling. SIDs 1248/1249 carry no size condition.
alert TCP $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE rad overflow attempt"; uricontent:"/fp30reg.dll"; nocase; dsize: >258; flags: A+; classtype:web-application-attack; reference:arachnids,555; reference:bugtraq,2906; reference: cve,CAN-2001-0341; sid:1246; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE rad overflow attempt"; uricontent: "/fp4areg.dll"; nocase; dsize: >259; flags: A+; reference:cve,CAN-2001-0341; reference:bugtraq,2906; classtype:web-application-attack; sid:1247; rev:3;)
# Any request naming either DLL, regardless of size (classtype web-application-activity).
alert TCP $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE rad fp30reg.dll access"; uricontent:"/fp30reg.dll"; nocase; flags:A+; classtype:web-application-activity; reference:arachnids,555; reference:bugtraq,2906; reference: cve,CAN-2001-0341; sid:1248; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE frontpage rad fp4areg.dll access"; uricontent: "/fp4areg.dll"; nocase; flags: A+; reference:cve,CAN-2001-0341; reference:bugtraq,2906; classtype:web-application-activity; sid:1249; rev:3;)
# Access rules for FrontPage endpoints and administrative pages, and for form
# output stored under /_private/. All are classtype web-application-activity:
# they record that a URI was requested, not that a specific exploit was used.
# The rules only look at client-to-server traffic, so an alert does not show
# whether the server returned the resource; check the web server's own logs.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE _vti_rpc access"; flags: A+; uricontent:"/_vti_rpc"; nocase; reference:bugtraq,2144; classtype:web-application-activity; sid:937; rev:3;)
# NOTE(review): "POST" is a payload content match with no offset/depth, so it
# is not anchored to the request method; the nocase that follows appears to
# apply to the uricontent pattern, leaving "POST" case-sensitive. Confirm.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE posting"; flags: A+; content:"POST"; uricontent:"/author.dll"; nocase; classtype:web-application-activity; sid:939; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE shtml.dll"; uricontent: "/_vti_bin/shtml.dll"; nocase; flags:A+; reference:arachnids,292; classtype:web-application-activity; sid:940; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE contents.htm access";flags: A+; uricontent:"/admcgi/contents.htm"; nocase; classtype:web-application-activity; sid:941; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE orders.htm access";flags: A+; uricontent:"/_private/orders.htm"; nocase; classtype:web-application-activity; sid:942; rev:2;)
# FrontPage administration executables and pages.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpsrvadm.exe access";flags: A+; uricontent:"/fpsrvadm.exe"; nocase; classtype:web-application-activity; sid:943; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpremadm.exe access";flags: A+; uricontent:"/fpremadm.exe"; nocase; classtype:web-application-activity; sid:944; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpadmin.htm access";flags: A+; uricontent:"/admisapi/fpadmin.htm"; nocase; classtype:web-application-activity; sid:945; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fpadmcgi.exe access";flags: A+; uricontent:"/scripts/Fpadmcgi.exe"; nocase; classtype:web-application-activity; sid:946; rev:2;)
# Form output files under /_private/.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE orders.txt access";flags: A+; uricontent:"/_private/orders.txt"; nocase; classtype:web-application-activity; sid:947; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE form_results access";flags: A+; uricontent:"/_private/form_results.txt"; nocase; classtype:web-application-activity; sid:948; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE registrations.htm access";flags: A+; uricontent:"/_private/registrations.htm"; nocase; classtype:web-application-activity; sid:949; rev:2;)
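# cfgwiz.exe access. The URI pattern has to spell the file name the way msg
# does: the earlier pattern "/cfgqiz.exe" could not match a request for
# cfgwiz.exe, so the rule never fired on the activity it is named for.
# NOTE(review): this differs from the packaged rule text; track the local
# change (for example via rev) according to the site's rule-management policy.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE cfgwiz.exe access";flags: A+; uricontent:"/cfgwiz.exe"; nocase; classtype:web-application-activity; sid:950; rev:2;)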
# Requests for FrontPage password files (*.pwd), configuration files under
# /_vti_pvt/, the author/shtml executables under /_vti_bin/, and more form
# output under /_private/. The *.pwd patterns are not tied to a directory,
# so they match the file name wherever it appears in the URI.
# These are request-side signatures only: an alert shows the URI was asked
# for, not that the file was served. Correlate with server response logs.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE authors.pwd access";flags: A+; uricontent:"/authors.pwd"; nocase; classtype:web-application-activity; sid:951; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE author.exe access";flags: A+; uricontent:"/_vti_bin/_vti_aut/author.exe"; nocase; classtype:web-application-activity; sid:952; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE administrators.pwd";flags: A+; uricontent:"/administrators.pwd"; nocase; reference:bugtraq,1205; classtype:web-application-activity; sid:953; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE form_results.htm access";flags: A+; uricontent:"/_private/form_results.htm"; nocase; classtype:web-application-activity; sid:954; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE access.cnf access";flags: A+; uricontent:"/_vti_pvt/access.cnf"; nocase; classtype:web-application-activity; sid:955; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE register.txt access";flags: A+; uricontent:"/_private/register.txt"; nocase; classtype:web-application-activity; sid:956; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE registrations.txt access";flags: A+; uricontent:"/_private/registrations.txt"; nocase; classtype:web-application-activity; sid:957; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.cnf access";flags: A+; uricontent:"/_vti_pvt/service.cnf"; nocase; classtype:web-application-activity; sid:958; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.pwd";flags: A+; uricontent:"/service.pwd"; nocase;reference:bugtraq,1205; classtype:web-application-activity; sid:959; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE service.stp access";flags: A+; uricontent:"/_vti_pvt/service.stp"; nocase; classtype:web-application-activity; sid:960; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE services.cnf access";flags: A+; uricontent:"/_vti_pvt/services.cnf"; nocase; classtype:web-application-activity; sid:961; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE shtml.exe access";flags: A+; uricontent:"/_vti_bin/shtml.exe"; nocase; reference:cve,CAN-2000-0413; reference:cve,CAN-2000-0709; reference:bugtraq,1608; reference:bugtraq,1174; classtype:web-application-activity; sid:962; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE svcacl.cnf access"; flags:A+; uricontent:"/_vti_pvt/svcacl.cnf"; nocase; classtype:web-application-activity; sid:963; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE users.pwd access"; flags:A+; uricontent:"/users.pwd"; nocase; classtype:web-application-activity; sid:964; rev:2;)
# NOTE(review): unlike the other /_vti_pvt/ rules, this pattern has no leading
# "/", so it is a slightly broader substring match. Left unchanged; narrowing
# it would only reduce coverage.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE writeto.cnf access";flags: A+; uricontent:"_vti_pvt/writeto.cnf"; nocase; classtype:web-application-activity; sid:965; rev:2;)
# "fourdots": matches the five bytes 2e 2e 2e 2e 2f ("..../") with a payload
# content match rather than uricontent. The nocase option has no effect on
# this pattern, since dots and the slash have no letter case.
# NOTE(review): because this is a raw payload match, a request that encodes
# those characters differently on the wire presumably would not match this
# pattern. Confirm whether the sensor's HTTP decoding covers that case.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE fourdots request"; flags: A+; content: "|2e 2e 2e 2e 2f|"; nocase; reference:bugtraq,989; reference:cve,CAN-2000-0153; reference:arachnids,248; classtype:web-application-attack; sid:966; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE dvwssr.dll access"; flags: A+; uricontent: "/dvwssr.dll"; nocase; reference:bugtraq,1108; reference:cve,CVE-2000-0260; reference:arachnids,271; classtype:web-application-activity; sid:967; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE register.htm access";flags: A+; uricontent:"/_private/register.htm"; nocase; classtype:web-application-activity; sid:968; rev:2;)
# Catch-all for anything under /_vti_bin/. Its pattern is a prefix of the
# patterns in SIDs 940, 952 and 962, so requests matching those also satisfy
# this rule. NOTE(review): likely noisy where FrontPage extensions are in
# legitimate use from $EXTERNAL_NET; tune or suppress per site.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-FRONTPAGE /_vti_bin/ access";flags: A+; uricontent:"/_vti_bin/"; nocase; classtype:web-application-activity; sid:1288; rev:2;)