RE: Where do these rules come from?

[Steve Halligan <agent33 () geeksquad com>]

> > The rules are there because there are kiddie tools which will scan a
> > webserver for hundreds of commonly found known exploitable 
> > cgi programs,
> > and if we didn't rules to detect them, then we'd never know 
> > we were being scanned.
> >
> > -Wes
>
> I understand that.  But what exploitable cgi program is this 
> rule for, for example.
> Shouldn't that info be in the rule?
I found the answer for this rule, but there are many more like it in
web-cgi.rules.  I know I know
I should go fix it.  I'll shut up now :)

a scan for /calendar is probably looking for CVE-2000-0432.  The perl script
/cgi-bin/calendar_admin.pl and a bunch of exploits...etc...etc.

-Steve 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users