Sophie

Sophie

distrib > Mandriva > 8.2 > i586 > by-pkgid > 90137ba41868861e4af055de0961e4de > files > 4

snort-1.8.3-4mdk.i586.rpm

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: bad-traffic.rules,v 1.7 2001/10/30 05:39:23 cazz Exp $
#------------------
# BAD TRAFFIC RULES
#------------------
# These signatures are representitive of traffic that should never be seen on
# any network.  None of these signatures include datagram content checking 
# and are extremely quick signatures
#

alert tcp $EXTERNAL_NET any <> $HOME_NET 0 (msg:"BAD TRAFFIC tcp port 0 traffic"; sid:524;  classtype:misc-activity; rev:3;)
alert udp $EXTERNAL_NET any <> $HOME_NET 0 (msg:"BAD TRAFFIC udp port 0 traffic"; sid:525;  classtype:misc-activity; rev:4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC data in TCP SYN packet"; flags:S; dsize:>6;  sid:526;  classtype:misc-activity; rev:3;)
alert ip any any <> 127.0.0.0/8 any (msg:"BAD TRAFFIC loopback traffic"; classtype:bad-unknown; sid:528; rev:2;)
alert ip any any -> any any (msg:"BAD TRAFFIC same SRC/DST"; sameip; classtype:bad-unknown; sid:527; rev:2;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC ip reserved bit set"; fragbits:R; sid:523;  classtype:misc-activity; rev:3;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC 0 ttl"; ttl:0; sid:1321;  classtype:misc-activity; rev:4;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC bad frag bits"; fragbits: MD; sid:1322;  classtype:misc-activity; rev:4;)

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional