Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe
| ./snortrules-VRT_PR-2.4/rules/snmp.rules Fri Dec 2 01:26:40 2005 | |
|---|---|
| Filename : line | Rules |
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 1 | # Copyright 2001-2005 Sourcefire, Inc. All Rights Reserved
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 2 | #
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 3 | # This file may contain proprietary rules that were created, tested and
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 4 | # certified by Sourcefire, Inc. (the "VRT Certified Rules") as well as
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 5 | # rules that were created by Sourcefire and other third parties and
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 6 | # distributed under the GNU General Public License (the "GPL Rules"). The
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 7 | # VRT Certified Rules contained in this file are the property of
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 8 | # Sourcefire, Inc. Copyright 2005 Sourcefire, Inc. All Rights Reserved.
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 9 | # The GPL Rules created by Sourcefire, Inc. are the property of
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 10 | # Sourcefire, Inc. Copyright 2002-2005 Sourcefire, Inc. All Rights
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 11 | # Reserved. All other GPL Rules are owned and copyrighted by their
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 12 | # respective owners (please see www.snort.org/contributors for a list of
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 13 | # owners and their respective copyrights). In order to determine what
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 14 | # rules are VRT Certified Rules or GPL Rules, please refer to the VRT
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 15 | # Certified Rules License Agreement.
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 16 | #
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 17 | #
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 18 | # $Id: snmp.rules,v 1.17.2.1.2.1 2005/05/16 22:17:52 mwatchinski Exp $
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 19 | # ---------------
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 20 | # SNMP RULES
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 21 | # ---------------
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 22 | #
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 23 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP missing community string attempt"; content:"|04 00|"; depth:15; offset:5; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:1893; rev:4;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 24 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP null community string attempt"; content:"|04 01 00|"; depth:15; offset:5; reference:bugtraq,2112; reference:bugtraq,8974; reference:cve,1999-0517; classtype:misc-attack; sid:1892; rev:6;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 25 | alert udp $EXTERNAL_NET any -> $HOME_NET 161:162 (msg:"SNMP community string buffer overflow attempt"; content:"|02 01 00 04 82 01 00|"; offset:4; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; reference:url,www.cert.org/advisories/CA-2002-03.html; classtype:misc-attack; sid:1409; rev:10;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 26 | alert udp $EXTERNAL_NET any -> $HOME_NET 161:162 (msg:"SNMP community string buffer overflow attempt with evasion"; content:" |04 82 01 00|"; depth:5; offset:7; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; reference:url,www.cert.org/advisories/CA-2002-03.html; classtype:misc-attack; sid:1422; rev:10;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 27 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP public access udp"; content:"public"; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1411; rev:10;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 28 | alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP public access tcp"; flow:to_server,established; content:"public"; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,7212; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1412; rev:13;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 29 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP private access udp"; content:"private"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:bugtraq,7212; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1413; rev:10;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 30 | alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP private access tcp"; flow:to_server,established; content:"private"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1414; rev:11;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 31 | alert udp any any -> 255.255.255.255 161 (msg:"SNMP Broadcast request"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1415; rev:9;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 32 | alert udp any any -> 255.255.255.255 162 (msg:"SNMP broadcast trap"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1416; rev:9;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 33 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP request udp"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1417; rev:9;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 34 | alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP request tcp"; flow:stateless; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1418; rev:11;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 35 | alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"SNMP trap udp"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1419; rev:9;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 36 | alert tcp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"SNMP trap tcp"; flow:stateless; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1420; rev:11;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 37 | alert tcp $EXTERNAL_NET any -> $HOME_NET 705 (msg:"SNMP AgentX/tcp request"; flow:stateless; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1421; rev:11;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 38 | alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP PROTOS test-suite-req-app attempt"; content:"0&|02 01 00 04 06|public|A0 19 02 01 00 02 01 00 02 01 00|0|0E|0|0C 06 08|+|06 01 02 01 01 05 00 05 00|"; reference:url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html; classtype:misc-attack; sid:1426; rev:5;)
|
| ./snortrules-VRT_PR-2.4/rules/snmp.rules : 39 | alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"SNMP PROTOS test-suite-trap-app attempt"; content:"08|02 01 00 04 06|public|A4|+|06|"; reference:url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html; classtype:misc-attack; sid:1427; rev:4;)
|