Snort mailing list archives

Previous By Date Next
Previous By Thread Next

unknown attack

From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Tue, 5 Mar 2002 16:18:33 -0500

Does anyone know anything about this rule? I just upgraded Snort to 1.9dev
and am noticing this alert occasionally. I can't seem to find any info on
this. 

Is there a good place where I can look these up? I noticed whitehats is no
longer there......


WEB-ATTACKS id command attempt

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-ATTACKS id command
attempt"; flags:A+; content:"\;id";nocase; sid:1333; rev:1;
classtype:web-application-attack;)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: