Sophie

Sophie

distrib > Mandriva > 8.2 > i586 > by-pkgid > 90137ba41868861e4af055de0961e4de > files > 9

snort-1.8.3-4mdk.i586.rpm

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: exploit.rules,v 1.23 2001/11/26 17:42:55 cazz Exp $
#--------------
# EXPLOIT RULES
#--------------

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXPLOIT ssh CRC32 overflow /bin/sh"; flags:A+; content:"/bin/sh"; reference:bugtraq,2347; reference:cve,CVE-2001-0144; classtype:shellcode-detect; sid:1324; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXPLOIT ssh CRC32 overflow filler"; flags:A+; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; reference:bugtraq,2347; reference:cve,CVE-2001-0144; classtype:shellcode-detect; sid:1325; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXPLOIT ssh CRC32 overflow NOOP"; flags:A+; content:"|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|"; reference:bugtraq,2347; reference:cve,CVE-2001-0144; classtype:shellcode-detect; sid:1326; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXPLOIT ssh CRC32 overflow"; flags:A+; content:"|00 01 57 00 00 00 18|"; offset:0; depth:7; content:"|FF FF FF FF 00 00|"; offset:8; depth:14; reference:bugtraq,2347; reference:cve,CVE-2001-0144; classtype:shellcode-detect; sid:1327; rev:1;)
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7 client overflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: A+; reference:bugtraq,822; reference:arachnids,215; classtype:attempted-user; sid:283; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"EXPLOIT pop2 x86 linux overflow";flags: A+; content:"|eb2c 5b89 d980 c106 39d9 7c07 8001|"; classtype:attempted-admin; sid:284; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 109 (msg:"EXPLOIT pop2 x86 linux overflow";flags: A+; content:"|ffff ff2f 4249 4e2f 5348 00|"; classtype:attempted-admin; sid:285; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 bsd overflow";flags: A+; content:"|5e0 e31c 0b03 b8d7 e0e8 9fa 89f9|"; classtype:attempted-admin; sid:286; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 bsd overflow";flags: A+; content:"|685d 5eff d5ff d4ff f58b f590 6631|"; classtype:attempted-admin; sid:287; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 linux overflow";flags: A+; content:"|d840 cd80 e8d9 ffff ff|/bin/sh"; classtype:attempted-admin; sid:288; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT pop3 x86 sco overflow";flags: A+; content:"|560e 31c0 b03b 8d7e 1289 f989 f9|"; classtype:attempted-admin; sid:289; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"EXPLOIT qpopper overflow";flags: A+; content:"|E8 D9FF FFFF|/bin/sh"; reference:bugtraq,830; reference:cve,CAN-1999-0822; classtype:attempted-admin; sid:290; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 119 (msg:"EXPLOIT NNTP Cassandra Overflow"; flags: A+; content: "AUTHINFO USER"; nocase; dsize: >512; depth: 16; reference:cve,CAN-2000-0341; reference:arachnids,274; classtype:attempted-user; sid:291; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"EXPLOIT x86 linux samba overflow";flags: A+; content:"|eb2f 5feb 4a5e 89fb 893e 89f2|"; reference:bugtraq,1816; reference:cve,CVE-1999-0811; reference:cve,CVE-1999-0182; classtype:attempted-admin; sid:292; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap overflow";flags: A+; content:"|E8 C0FF FFFF|/bin/sh"; classtype:attempted-admin; sid:293; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|89d8 40cd 80e8 c8ff ffff|/";reference:bugtraq,130; reference:cve,CVE-1999-0005; classtype:attempted-admin; sid:295; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|eb34 5e8d 1E89 5e0b 31d2 8956 07|";reference:bugtraq,130; reference:cve,CVE-1999-0005; classtype:attempted-admin; sid:296; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|eb35 5E80 4601 3080 4602 3080 4603 30|";reference:bugtraq,130; reference:cve,CVE-1999-0005; classtype:attempted-admin; sid:297; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|eb38 5e89f389d880460120804602|"; reference:bugtraq,130; reference:cve,CVE-1999-0005; classtype:attempted-admin; sid:298; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"EXPLOIT imap x86 linux overflow";flags: A+; content:"|eb58 5E31 db83 c308 83c3 0288 5e26|"; reference:bugtraq,130; reference:cve, CVE-1999-0005; classtype:attempted-admin; sid:299; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 2766 (msg:"EXPLOIT nlps x86 solaris overflow";flags: A+; content:"|eb23 5e33 c088 46fa 8946 f589 36|"; classtype:attempted-admin; sid:300; rev:2; reference:bugtraq,2319;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (msg:"EXPLOIT LPRng overflow"; flags: A+; content: "|43 07 89 5B 08 8D 4B 08 89 43 0C B0 0B CD 80 31 C0 FE C0 CD 80 E8 94 FF FF FF 2F 62 69 6E 2F 73 68 0A|"; reference:bugtraq,1712; classtype:attempted-admin; sid:301; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (msg:"EXPLOIT redhat 7.0 lprd overflow"; flags: A+; content:"|58 58 58 58 25 2E 31 37 32 75 25 33 30 30 24 6E|"; classtype:attempted-admin; sid:302; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXPLOIT named tsig infoleak"; content: "|AB CD 09 80 00 00 00 01 00 00 00 00 00 00 01 00 01 20 20 20 20 02 61|"; reference:cve,CAN-2000-0010; reference:bugtraq,2302; reference:arachnids,482; classtype:attempted-admin; sid:303; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 6373 (msg:"EXPLOIT sco calserver overflow";flags: A+; content:"|eb7f 5d55 fe4d 98fe 4d9b|"; reference:bugtraq,2353; classtype:attempted-admin; sid:304; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"EXPLOIT delegate proxy overflow"; content: "whois|3a|//"; nocase; flags: A+; dsize: >1000; reference:arachnids,267; classtype:attempted-admin; sid:305; rev:3; reference:bugtraq,808; reference:cve,CVE-2000-0165;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 9090 (msg:"EXPLOIT VQServer admin"; flags: A+; content:"GET / HTTP/1.1"; nocase; reference:bugtraq,1610; reference:cve,CAN-2000-0766; classtype:attempted-admin; sid:306; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 6666:7000 (msg:"EXPLOIT IRC topic overflow";flags: A+; content:"|eb 4b 5b 53 32 e4 83 c3 0b 4b 88 23 b8 50 77|"; reference:cve,CVE-1999-0672; reference:bugtraq,573; classtype:attempted-user; sid:307; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXPLOIT NextFTP client overflow";flags: A+; content:"|b420 b421 8bcc 83e9 048b 1933 c966 b910|"; reference:bugtraq,572; reference:cve,CVE-1999-0671; classtype:attempted-user; sid:308; rev:3;)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"EXPLOIT sniffit overflow"; flags: A+; content: "from|3A 90 90 90 90 90 90 90 90 90 90 90|"; nocase; dsize: >512; reference:bugtraq,1158; reference:cve,CAN-2000-0343; reference:arachnids,273; classtype:attempted-admin; sid:309; rev:2;)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"EXPLOIT x86 windows MailMax overflow";flags: A+; content:"|eb45 eb20 5bfc 33c9 b182 8bf3 802b|"; reference:bugtraq,2312; reference:cve,CVE-1999-0404; classtype:attempted-admin; sid:310; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXPLOIT netscape 4.7 unsucessful overflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|"; flags: A+; reference:arachnids,214; classtype:unsuccessful-user; sid:311; rev:2; reference:bugtraq,822;)
alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXPLOIT ntpdx overflow attempt"; dsize: >128; reference:arachnids,492; classtype:attempted-admin; sid:312; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 518 (msg:"EXPLOIT ntalkd x86 linux overflow"; content:"|0103 0000 0000 0001 0002 02e8|"; reference:bugtraq,210; classtype:attempted-admin; sid:313; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXPLOIT BIND Tsig Overflow Attempt"; content:"|80 00 07 00 00 00 00 00 01 3F 00 01 02|/bin/sh"; classtype:attempted-admin; sid:314; rev:3; reference:cve,CAN-2000-0010; reference:bugtraq,2302;)
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOIT x86 linux mountd overflow"; content:"|5eb0 0289 06fe c889 4604 b006 8946|"; reference:cve,CVE-1999-0002; classtype:attempted-admin; sid:315; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOIT x86 linux mountd overflow"; content:"|eb56 5E56 5656 31d2 8856 0b88 561e|"; reference:cve,CVE-1999-0002; classtype:attempted-admin; sid:316; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 635 (msg:"EXPLOIT x86 linux mountd overflow"; content:"|eb40 5E31 c040 8946 0489 c340 8906|";reference:cve,CVE-1999-0002; classtype:attempted-admin; sid:317; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"EXPLOIT bootp x86 bsd overflow"; content:"|6563 686f 206e 6574 726a 7320 7374 7265|"; classtype:attempted-admin; sid:318; rev:2; reference:bugtraq,324; reference:cve,CVE-1999-0914;)
alert udp $EXTERNAL_NET any -> $HOME_NET 67 (msg:"EXPLOIT bootp x86 linux overflow"; content:"|4139 30c0 a801 012f 6269 6e2f 7368 00|"; reference:cve,CVE-1999-0799; reference:cve,CAN-1999-0798; reference:cve,CAN-1999-0389; classtype:attempted-admin; sid:319; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 2224 (msg:"EXPLOIT MDBMS overflow"; content:"|0131 DBCD 80E8 5BFF FFFF|"; reference:bugtraq,1252; reference:cve,CVE-2000-0446; classtype:attempted-admin; sid:1240; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 4242 (msg:"EXPLOIT aix pdnsd overflow"; content:"|7FFF FB78 7FFF FB78 7FFF FB78 7FFF FB78|"; content:"|408A FFC8 4082 FFD8 3B36 FE03 3B76 FE02|"; dsize:>1000; flags:A+; reference:bugtraq,3237; classtype:attempted-user; sid:1261; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 4321 (msg:"EXPLOIT rwhoisd format string attempt"; content:"-soa %p"; flags:A+; reference:bugtraq,3474; classtype:misc-attack; sid:1323; rev:1;)

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional