Snort mailing list archives
arachnids_upd v0.3
From: Andreas Östling <andreaso () it su se>
Date: Tue, 8 May 2001 21:43:26 +0200 (CEST)
Hello!

I've put up version 0.3 of my little arachNIDS Snort rules updater at
http://nitzer.dhs.org/arachnids_upd/

It now has much more easy-to-read output of the rule changes.
For example, it may look something like this:

...
[+++] Added (new): [+++]
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)

And the next update:

...
[///] Modified active: [///]
Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: A+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)

Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: A+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)

Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)
New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: A+; content: ".printer"; nocase;)

Regards,
Andreas Östling
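A change report like the one quoted in the message above can be produced by comparing two snapshots of a rules file. The following is an added example, not the arachnids_upd code: it assumes rules are matched by their msg string (the message does not say how the tool pairs them), and the "[---] Removed" marker is invented here.

```python
import re

# Constructed sample input: two snapshots of a rules file, built from rules quoted in the message.
OLD_RULES = '''
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)
'''
NEW_RULES = '''
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: A+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: A+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)
'''

MSG_RE = re.compile(r'msg:\s*"([^"]+)"')

def index_rules(text):
    """Map each active rule's msg string to its full text; skip blanks and comments."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        match = MSG_RE.search(line)
        if line and not line.startswith("#") and match:
            rules[match.group(1)] = line
    return rules

def diff_rules(old_text, new_text):
    """Return (added, removed, modified), where modified holds (old, new) pairs."""
    old, new = index_rules(old_text), index_rules(new_text)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    modified = [(old[k], new[k]) for k in new if k in old and old[k] != new[k]]
    return added, removed, modified

def format_report(added, removed, modified):
    """Render the change sets using the section markers shown in the message."""
    out = []
    if added:
        out += ["[+++] Added (new): [+++]"] + added
    if removed:
        # Marker invented for this example; the message shows no removal section.
        out += ["[---] Removed: [---]"] + removed
    if modified:
        out.append("[///] Modified active: [///]")
        for before, after in modified:
            out += ["Old: " + before, "New: " + after]
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(*diff_rules(OLD_RULES, NEW_RULES)))
```

Because rules are keyed on msg here, a rule whose msg text changes is reported as one removal plus one addition rather than as a modification.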