|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] Rapidnet sig error?
From: Martin Roesch (roesch
hiverworld.com)Date: Tue Mar 07 2000 - 12:44:55 CST
- Next message: Martin Roesch: "Re: [snort] Spurious ALERT msgs in syslog"
- Previous message: Martin Roesch: "Re: [snort] Closing -b log file"
- In reply to: Stuart Staniford-Chen: "[snort] Rapidnet sig error?"
- Next in thread: Jim Forster: "Re: [snort] Rapidnet sig error?"
- Next in thread: Mullen, Patrick: "RE: [snort] Back home...."
- Reply: Martin Roesch: "Re: [snort] Rapidnet sig error?"
- Reply: Jim Forster: "Re: [snort] Rapidnet sig error?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim, you hear that?? :)
Stuart Staniford-Chen wrote:
>
> The following sig is in the Rapidnet set:
>
> alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"IIS-showcode";flags:PA;
> content:"msads/Samples/selector/showcode.asp";)
>
> Shouldn't that be "msadc" rather than "msads"?
>
> Thanks,
>
> Stuart.
>
> --
> Stuart Staniford-Chen --- President --- Silicon Defense
> stuartsilicondefense.com
> (707) 822-4588 (707) 826-7571 (FAX)
-- Martin Roesch <roesch
- Next message: Martin Roesch: "Re: [snort] Spurious ALERT msgs in syslog"
- Previous message: Martin Roesch: "Re: [snort] Closing -b log file"
- In reply to: Stuart Staniford-Chen: "[snort] Rapidnet sig error?"
- Next in thread: Jim Forster: "Re: [snort] Rapidnet sig error?"
- Next in thread: Mullen, Patrick: "RE: [snort] Back home...."
- Reply: Martin Roesch: "Re: [snort] Rapidnet sig error?"
- Reply: Jim Forster: "Re: [snort] Rapidnet sig error?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]