Snort mailing list archives
FYI - snort and the Apache ssl bug
From: Allen Baranov <allen () isa co za>
Date: Wed, 18 Sep 2002 08:19:05 +0200
Hi, Follows is a snort signature for the Apache bug. alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXPERIMENTAL WEB-MISC bad HTTP/1.1 request, potentual worm attack"; flow:to_server,established; content:"GET / HTTP/1.1|0d 0a 0d 0a|"; offset:0; depth:18; reference:url,securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html; classtype:web-application-activity; sid:1881; rev:1;) Allen Baranov -- Allen Baranov Information Security Architects (ISA) Tel: +27 (0) 11 326-2242 Fax: +27 (0) 11 326-2285 http://www.isa.co.za ------------------------------------------------------- This SF.NET email is sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FYI - snort and the Apache ssl bug Allen Baranov (Sep 17)
- Re: FYI - snort and the Apache ssl bug Jeff Taylor (Sep 18)