Snort mailing list archives
Re: sid:19825 Apache Killer
From: JJC <cummingsj () gmail com>
Date: Fri, 23 Sep 2011 08:19:50 -0600
This rule still exists in the current VRT ruleset, same SID, same REV.

JJC

On Thu, Sep 22, 2011 at 8:23 PM, Yap Ji Wen <jwyap1016 () gmail com> wrote:
Hi All,

Can anyone confirm if the following signature is still in the VRT ruleset?

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"DOS Apache Killer DoS tool"; flow:established,to_server; content:"Range|3A|bytes="; nocase; http_header; pcre:"/^Range\x3Abytes=([\d\x2D]+\x2C){6}/Hsmi"; content:"HEAD"; nocase; http_method; reference:cve,2011-3192; reference:url, archives.neohapsis.com/archives/fulldisclosure/2011-08/0203.html; classtype:attempted-dos; sid:19825; rev:2; )

I have downloaded the latest Sigs and did not see it in the pack. If it is indeed removed by VRT, are there any signatures that replace it?

Thanks.

Rgds,
Jiwen

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!