Snort mailing list archives
rule question
From: cdowns <cdowns () skillsoft com>
Date: Tue, 25 Sep 2001 11:44:06 -0400
I have created this rule for one of my IDS boxses but there is something wrong does anyone see what could be wrong with this ? im overlooking something simple im sure. alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 3052 (msg:WEB-MISC APC Network dot dot Bug"; uricontent:"/\../\../\../\..\/\../WINNT/repair/"; flags:A+; class type:attempted-admin;) thanks -D -- -------------------------------- Network Security Administrator Christopher M Downs Skillsoft Corporation http://www.skillsoft.com "you can't point and click your way to super cracker status -" --------------------------------
Current thread:
- rule question cdowns (Sep 25)
- Re: rule question Italo Antonio (Sep 25)
- Re: rule question Wayne T Work (Sep 25)