Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe
| ./snortrules-COMM-2.4/rules/community-nntp.rules Fri Dec 2 01:24:02 2005 | |
|---|---|
| Filename : line | Rules |
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 1 | # Copyright 2005 Sourcefire, Inc. All Rights Reserved.
|
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 2 | # These rules are licensed under the GNU General Public License.
|
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 3 | # Please see the file LICENSE in this directory for more details.
|
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 4 | # $Id: community-nntp.rules,v 1.2 2005/10/20 13:52:34 akirk Exp $
|
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 5 |
|
| ./snortrules-COMM-2.4/rules/community-nntp.rules : 6 | alert tcp $EXTERNAL_NET any - > $HOME_NET 119 (msg:"COMMUNITY NNTP Lynx overflow attempt"; flow:to_server,established; content:"Subject"; nocase; pcre:"/^Subject\x3a[^\r\n]{100,}/smi"; reference:cve,2005-3120; reference:bugtraq,15117; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=20019; reference:nessus,20035; classtype:attempted-admin; sid:100000172; rev:1;)
|