Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Has a rule been created for this?

From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Tue, 13 Apr 2010 11:39:48 -0500
PHP is server-side, what behavior were you wanting to alert on 
specifically? Best I can figure you want to detect on upload of this 
file to an HTTPd, correct?

-evilghost

Adam Richards wrote:

I have been seeing this obfuscated php file around a lot lately and I
wasn't sure if there was a rule yet for it. There are a few unique
strings in it that we can look for. 
http://webcache.googleusercontent.com/search?q=cache:MyKUomVp7rQJ:forums
.devnetwork.net/viewtopic.php%3Ff%3D34%26t%3D88942+L0oZuRpAnTz&cd=1&hl=e
n&ct=clnk&gl=us


Adam Richards,CISSP | CEH


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
  


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: