Snort mailing list archives
rule question
From: cdowns <cdowns () skillsoft com>
Date: Tue, 25 Sep 2001 11:44:06 -0400
I have created this rule for one of my IDS boxes, but there is something
wrong. Does anyone see what could be wrong with this? I'm overlooking
something simple, I'm sure.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC
Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/";
flags:A+; class
type:attempted-admin;)
thanks
-D
--
--------------------------------
Network Security Administrator
Christopher M Downs
Skillsoft Corporation
http://www.skillsoft.com
"you can't point and click your
way to super cracker status -"
--------------------------------
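
A small lint pass over the rule exactly as it appears in the post above, checking its option list against the documented option form (keyword as one token, string arguments in double quotes). This is an added example, not part of the original message or of Snort; `lint_rule` is a hypothetical helper and `FIXED` is a rule string constructed for comparison.

```python
import re

# Options whose argument is documented as a double-quoted string.
QUOTED = {"msg", "content", "uricontent"}
QUOTED_ARG = re.compile(r'!?\s*"(?:[^"\\]|\\.)*"')

def lint_rule(rule: str) -> list[str]:
    """Return syntax complaints about the option list of one rule."""
    text = " ".join(rule.split())  # undo mail line wrapping
    if "(" not in text or not text.endswith(")"):
        return ["option list must be enclosed in ( ... )"]
    body = text[text.index("(") + 1 : -1]
    issues = []
    # ';' ends an option; a literal ';' inside a string is written '\;'.
    for option in re.split(r"(?<!\\);", body):
        option = option.strip()
        if not option:
            continue
        key, _, arg = option.partition(":")
        key = key.strip()
        if not re.fullmatch(r"[A-Za-z_]+", key):
            issues.append(f"'{key}': keyword is not a single token")
        elif key in QUOTED and not QUOTED_ARG.fullmatch(arg.strip()):
            issues.append(f"'{key}': argument is not a complete quoted string")
    return issues

# The rule as posted, line breaks included.
POSTED = r"""alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC
Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/";
flags:A+; class
type:attempted-admin;)"""

# Constructed comparison: msg fully quoted, classtype written as one keyword.
FIXED = (r'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 '
         r'(msg:"WEB-MISC APC Network dot dot Bug"; '
         r'uricontent:"/\../\../\../\..\/\../WINNT/repair/"; '
         r'flags:A+; classtype:attempted-admin;)')

if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_rule(rule) or "no issues found")
```

The split of `class` / `type` may be mail line wrapping rather than the rule file itself; the check reports it either way because the text as posted does not parse as one keyword.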
