OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brian Caswell (bmcmitre.org)
Date: Fri Jun 15 2001 - 08:02:18 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Roeland Weve wrote:
    > 47 45 54 20 2F 73 65 61 72 63 68 72 65 73 75 6C GET /searchresul
    > 74 2F 2E 2E 2F 70 69 78 2F 6E 61 76 2F 6D 6F 5F t/../pix/nav/mo_
    > 30 5F 61 2E 67 69 66 20 48 54 54 50 2F 31 2E 30 0_a.gif HTTP/1.0
    > 0D 0A 52 65 66 65 72 65 72 3A 20 68 74 74 70 3A ..Referer: http:
    >
    > I now exlude this host via:
    > pass tcp any any -> hostip 80

    pass tcp any any -> hostip 80 (msg:"pass /../ where acceptable";
    uricontent:"/../"; flags:A+;) 

    -- 
Brian Caswell
The MITRE Corporation

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users