|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISSForum] Unix/Linux Shell code execution signatures Proventia A 201
From: Juan Roa (juanuko
gmail.com)
Date: Thu Jun 23 2005 - 14:28:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi:
We had made some testing in our labs, in order to determine if the
signatures already present in siteprotector sensors( wee can only find
8) are able to detect code shell execution in unix/linux web servers
enviroments.
We try a lot of examples of code shell execution attemps , starting
off very specific to very general shell code execution attemps, and we
only can trigger the " HTTP_Unix_Passwords".
The signatures that we enabled in the policies were:
(HTTP_Shells_Bash)
(HTTP_Shells_C)
(HTTP_Shells_Ksh)
(HTTP_Shells_Perl)
(HTTP_Shells_Perl_Exe)
(HTTP_Shells_Rksh)
(HTTP_Shells_Sh)
(HTTP_Shells_Tcsh)
(HTTP_Unix_Passwords)
We are very worried because we was unable to detect a lot of attemps
of attacks of this kind.
Any ideas would help.
Thanks in advance
--
Juan Roa Salinas
Chile
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]