Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe
| ./snortrules-COMM-2.4/rules/community-virus.rules Fri Dec 2 01:26:19 2005 | |
|---|---|
| Filename : line | Rules |
| ./snortrules-COMM-2.4/rules/community-virus.rules : 1 | # Copyright 2005 Sourcefire, Inc. All Rights Reserved.
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 2 | # These rules are licensed under the GNU General Public License.
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 3 | # Please see the file LICENSE in this directory for more details.
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 4 | # $Id: community-virus.rules,v 1.6 2005/03/08 14:41:42 bmc Exp $
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 5 |
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 6 | alert tcp $EXTERNAL_NET any -> $HOME_NET 5554 (msg:"COMMUNITY VIRUS Dabber PORT overflow attempt port 5554"; flow:to_server,established,no_stream; content:"PORT"; nocase; isdataat:100,relative; pcre:"/^PORT\s[^\n]{100}/smi"; reference:MCAFEE,125300; classtype:attempted-admin; sid:100000110; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-virus.rules : 7 | alert tcp $EXTERNAL_NET any -> $HOME_NET 1023 (msg:"COMMUNITY VIRUS Dabber PORT overflow attempt port 1023"; flow:to_server,established,no_stream; content:"PORT"; nocase; isdataat:100,relative; pcre:"/^PORT\s[^\n]{100}/smi"; reference:MCAFEE,125300; classtype:attempted-admin; sid:100000111; rev:1;)
|