Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SID 1287

From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Wed, 6 Nov 2002 17:24:23 +0100
Hi,


They are coming from SID 1287.


http://www.snort.org/snort-db/sid.html?sid=1287

+----------------------------------------------------------------------------+
|      SID      | 1287        |    message     | WEB-IIS scripts access      |
|---------------+------------------------------------------------------------|
|   Signature   | alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS   |
|               | (msg:"WEB-IIS scripts access"; flow:to_server,established; |
|               | uricontent:"/scripts/"; nocase;                            |
|               | classtype:web-application-activity; sid:1287; rev:5;)      |
|---------------+------------------------------------------------------------|


GET /custx/scrip
ts/collection/of


"/scripts/" there :).


Many thanks,


HTH,
        Jens


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: