CVS log for snort/rules/tftp.rules

 (logo)

Help
(back) Up to [cvs] / snort / rules

Request diff between arbitrary revisions

Default branch: MAIN
Bookmark a link to: HEAD / (download)
Revision 1.21 / (view) - annotate - [select for diffs] , Thu Feb 10 01:11:04 2005 UTC (5 years, 1 month ago) by bmc
Branch: MAIN
CVS Tags: HEAD
Changes since 1.20: +0 -0 lines
Diff to previous 1.20 
a bunch of new rules.  thanks microsoft, I didn't want to sleep on my birthday.  Really.
Revision 1.20 / (view) - annotate - [select for diffs] , Wed Jan 12 15:46:11 2005 UTC (5 years, 2 months ago) by bmc
Branch: MAIN
Changes since 1.19: +0 -0 lines
Diff to previous 1.19 
a bunch of new rules.  go sourcefire.
Revision 1.16.2.2 / (view) - annotate - [select for diffs] , Tue Aug 10 13:52:06 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_2
CVS Tags: SNORT_v2_2_0
Changes since 1.16.2.1: +1 -1 lines
Diff to previous 1.16.2.1 to branch point 1.16 to next main 1.17 
* sync sync sync
Revision 1.11.2.5 / (view) - annotate - [select for diffs] , Fri Jul 23 20:26:27 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_1
Changes since 1.11.2.4: +3 -3 lines
Diff to previous 1.11.2.4 to branch point 1.11 to next main 1.12 
* new rules
Revision 1.16.2.1 / (view) - annotate - [select for diffs] , Fri Jul 23 20:19:27 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_2
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 
* massive sync here too
Revision 1.19 / (view) - annotate - [select for diffs] , Fri Jul 23 20:15:44 2004 UTC (5 years, 7 months ago) by bmc
Branch: MAIN
CVS Tags: STABLE, SNORT_v2_3_0-RC2, SNORT_v2_3_0-RC1, SNORT_v2_3_0, SNORT_2_3
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 
* sync sync sync
* go ruleteam go
Revision 1.10.2.2 / (view) - annotate - [select for diffs] , Thu Jul 15 19:14:33 2004 UTC (5 years, 8 months ago) by bmc
Branch: SNORT_2_0
Changes since 1.10.2.1: +12 -12 lines
Diff to previous 1.10.2.1 to branch point 1.10 to next main 1.11 
* massive sync from head
Revision 1.18 / (view) - annotate - [select for diffs] , Thu Jul 15 16:21:29 2004 UTC (5 years, 8 months ago) by bmc
Branch: MAIN
Changes since 1.17: +6 -6 lines
Diff to previous 1.17 
* yet another sync, lets go forward in time, not backwards...
Revision 1.17 / (view) - annotate - [select for diffs] , Wed Jul 14 21:16:10 2004 UTC (5 years, 8 months ago) by bmc
Branch: MAIN
Changes since 1.16: +6 -6 lines
Diff to previous 1.16 
* massive rule updates (go ruleteam, go)
Revision 1.11.2.4 / (view) - annotate - [select for diffs] , Wed Jun 16 15:11:07 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: SNORT_2_1
Changes since 1.11.2.3: +5 -5 lines
Diff to previous 1.11.2.3 to branch point 1.11 
* Syncing changes for rules team
Revision 1.16 / (view) - annotate - [select for diffs] , Tue Jun 15 13:47:08 2004 UTC (5 years, 9 months ago) by bmc
Branch: MAIN
CVS Tags: SNORT_v2_2_0-RC1
Branch point for: SNORT_2_2
Changes since 1.15: +6 -6 lines
Diff to previous 1.15 
* lets try this *again*
Revision 1.15 / (view) - annotate - [select for diffs] , Thu Jun 3 20:11:05 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: MAIN
Changes since 1.14: +12 -12 lines
Diff to previous 1.14 
* sync with sforge current
Revision 1.11.2.3 / (view) - annotate - [select for diffs] , Thu Jun 3 18:13:38 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: SNORT_2_1
CVS Tags: SNORT_v2_1_3
Changes since 1.11.2.2: +11 -11 lines
Diff to previous 1.11.2.2 to branch point 1.11 
* updating 2.1.3 from sforge
Revision 1.11.2.2 / (view) - annotate - [select for diffs] , Fri May 28 19:21:41 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: SNORT_2_1
Changes since 1.11.2.1: +1 -1 lines
Diff to previous 1.11.2.1 to branch point 1.11 
* syncing up sfire with sforge 2.1 branch
Revision 1.14 / (view) - annotate - [select for diffs] , Sun Apr 18 20:32:59 2004 UTC (5 years, 11 months ago) by cazz
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 
* a ton of new rules, a bunch of updates too.

2447 || WEB-MISC ServletManager access || cve,CAN-2001-1195 || nessus,12122
2448 || WEB-MISC setinfo.hts access || bugtraq,9973 || nessus,12120
2449 || FTP ALLO overflow attempt || bugtraq,9953
2450 || CHAT Yahoo IM successful logon
2451 || CHAT Yahoo IM voicechat
2452 || CHAT Yahoo IM ping
2453 || CHAT Yahoo IM conference invitation
2454 || CHAT Yahoo IM conference logon success
2455 || CHAT Yahoo IM conference message
2456 || CHAT Yahoo IM file transfer request
2457 || CHAT Yahoo IM message
2458 || CHAT Yahoo IM successful chat join
2459 || CHAT Yahoo IM webcam offer invitation
2460 || CHAT Yahoo IM webcam request
2461 || CHAT Yahoo IM webcam watch
2462 || EXPLOIT IGMP IGAP account overflow attempt || bugtraq,9952 || cve,CAN-2004-0176
2463 || EXPLOIT IGMP IGAP message overflow attempt || bugtraq,9952 || cve,CAN-2004-0176
2464 || EXPLOIT EIGRP prefix length overflow attempt || bugtraq,9952 || cve,CAN-2004-0176
2465 || NETBIOS SMB-DS IPC$ share access
2466 || NETBIOS SMB-DS IPC$ share unicode access
2467 || NETBIOS SMB D$ share unicode access
2468 || NETBIOS SMB-DS D$ share access
2469 || NETBIOS SMB-DS D$ share unicode access
2470 || NETBIOS SMB C$ share unicode access
2471 || NETBIOS SMB-DS C$ share access
2472 || NETBIOS SMB-DS C$ share unicode access
2473 || NETBIOS SMB ADMIN$ share unicode access
2474 || NETBIOS SMB-DS ADMIN$ share access
2475 || NETBIOS SMB-DS ADMIN$ share unicode access
2476 || NETBIOS SMB-DS Create AndX Request winreg attempt
2477 || NETBIOS SMB-DS Create AndX Request winreg unicode attempt
2478 || NETBIOS SMB-DS DCERPC bind winreg attempt
2479 || NETBIOS SMB-DS DCERPC bind winreg unicode attempt
2480 || NETBIOS SMB-DS DCERPC shutdown unicode attempt
2481 || NETBIOS SMB-DS DCERPC shutdown unicode little endian attempt
2482 || NETBIOS SMB-DS DCERPC shutdown attempt
2483 || NETBIOS SMB-DS DCERPC shutdown little endian attempt
2484 || WEB-MISC source.jsp access || nessus,12119
2485 || WEB-CLIENT Nortan antivirus sysmspam.dll load attempt || bugtraq,9916
2486 || DOS ISAKMP invalid identification payload attempt || bugtraq,10004
2487 || SMTP WinZip MIME content-type buffer overflow || bugtraq,9758
2488 || SMTP WinZip MIME content-disposition buffer overflow || bugtraq,9758
2489 || EXPLOIT esignal STREAMQUOTE buffer overflow attempt || bugtraq,9978
2490 || EXPLOIT esignal SNAPQUOTE buffer overflow attempt || bugtraq,9978
2491 || NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2492 || NETBIOS SMB DCERPC ISystemActivator bind attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2493 || NETBIOS SMB DCERPC ISystemActivator unicode bind attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2494 || NETBIOS DCEPRC ORPCThis request flood attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2495 || NETBIOS SMB DCEPRC ORPCThis request flood attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2496 || NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2003-0813
2497 || IMAP invalid SSLv3 data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2498 || IMAP invalid SSLv3 timestamp attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2499 || MISC LDAP invalid SSLv3 timestamp attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2500 || MISC LDAP invalid SSLv3 data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2501 || POP3 invalid SSLv3 timestamp attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2502 || POP3 invalid SSLv3 data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2503 || SMTP invalid SSLv3 timestamp attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2504 || SMTP invalid SSLv3 data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2505 || WEB-MISC invalid SSLv3 data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2506 || WEB-MISC invalid SSLv3 timestamp attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
Revision 1.13 / (view) - annotate - [select for diffs] , Sat Mar 20 21:58:43 2004 UTC (6 years ago) by cazz
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 
* Added a ton of rules that include vulnerabilities in many high-profile
  security products, including Checkpoint & ISS gear (see below)
* provided a single high-powered rule for detecting all of the evil virus emails
* added even more docs.  (Go Nigel)

2405 || WEB-PHP phptest.php access || bugtraq,9737
2406 || TELNET APC SmartSlot default admin account attempt || bugtraq,9681
2407 || WEB-MISC util.pl access || bugtraq,9748
2408 || WEB-MISC Invision Power Board search.pl access || bugtraq,9766
2409 || POP3 APOP USER overflow attempt || bugtraq,9794
2410 || WEB-PHP IGeneric Free Shopping Cart page.php access || bugtraq,9773
2411 || WEB-MISC Real Server DESCRIBE buffer overflow attempt || url,www.service.real.com/help/faq/security/rootexploit091103.html || bugtraq,8476
2412 || ATTACK-RESPONSES successful cross site scripting forced download attempt
2413 || EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2414 || EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2415 || EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2416 || FTP invalid MDTM command attempt
2417 || FTP format string attempt
2418 || MISC MS Terminal Server no encryption session initiation attmept || url,www.microsoft.com/technet/security/bulletin/MS01-052.asp
2419 || MULTIMEDIA realplayer .ram playlist download attempt
2420 || MULTIMEDIA realplayer .rmp playlist download attempt
2421 || MULTIMEDIA realplayer .smi playlist download attempt
2422 || MULTIMEDIA realplayer .rt playlist download attempt
2423 || MULTIMEDIA realplayer .rp playlist download attempt
2424 || NNTP sendsys overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2425 || NNTP senduuname overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2426 || NNTP version overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2427 || NNTP checkgroups overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2428 || NNTP ihave overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2429 || NNTP sendme overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2430 || NNTP newgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2431 || NNTP rmgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2432 || NNTP article post without path attempt
2433 || WEB-CGI MDaemon form2raw.cgi overflow attempt || bugtraq,9317
2434 || WEB-CGI MDaemon form2raw.cgi access || bugtraq,9317
2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,9707
2436 || WEB-CLIENT Microsoft wmf metafile access || bugtraq,9707
2437 || WEB-CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9738 || cve,CAN-2003-0726
2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,9579
2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,9579
2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579
2441 || WEB-MISC NetObserve authentication bypass attempt || bugtraq,9319
2442 || WEB-MISC Quicktime User-Agent buffer overflow attempt || cve,CAN-2004-0169
2443 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2444 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2445 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER last name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2446 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER email overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
Revision 1.11.2.1 / (view) - annotate - [select for diffs] , Wed Feb 25 16:52:51 2004 UTC (6 years ago) by jh8
Branch: SNORT_2_1
CVS Tags: SNORT_v2_1_3-RC1, SNORT_v2_1_2, SNORT_v2_1_1
Changes since 1.11: +4 -2 lines
Diff to previous 1.11 
* Bringing RC1 up to 2.1.1
Revision 1.10.2.1 / (view) - annotate - [select for diffs] , Fri Feb 20 20:39:31 2004 UTC (6 years, 1 month ago) by cazz
Branch: SNORT_2_0
Changes since 1.10: +4 -2 lines
Diff to previous 1.10 
* sync sync sync, sync sync sync, sync your rules
Revision 1.12 / (view) - annotate - [select for diffs] , Fri Feb 20 17:16:36 2004 UTC (6 years, 1 month ago) by cazz
Branch: MAIN
Changes since 1.11: +4 -2 lines
Diff to previous 1.11 
* bunch o bunch o updates
Revision 1.11 / (view) - annotate - [select for diffs] , Mon Oct 20 15:03:13 2003 UTC (6 years, 5 months ago) by chrisgreen
Branch: MAIN
CVS Tags: version-2-1-0, cmg, SNORT_v2_1_1-RC1, SNORT_v2_1_0
Branch point for: SNORT_2_1
Changes since 1.10: +1 -1 lines
Diff to previous 1.10 
* Major add/commit of 2.1 feature set...

  Will do a tag and then remove the "moved" files
Revision 1.10 / (view) - annotate - [select for diffs] , Thu Apr 17 00:35:47 2003 UTC (6 years, 11 months ago) by cazz
Branch: MAIN
CVS Tags: version-2-0-6, version-2-0-5, version-2-0-2, version-2-0-1
Branch point for: SNORT_2_0
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 
* MASSIVE sync of rules

This is the first major sync of rules since I started working for Sourcefire.

Many of these updates are a direct result of my employment at Sourcefire.  We
have time and resources to test and document rules extensively.  Many people
have contributed to these updates.  Too many to mention here.

You should continue to see awesome updates, rewrites and new rules as
Sourcefire is dedicating serious resources to the Snort project.

Even if you don't buy an appliance from Sourcefire, you should send an
email to info@sourcefire.com to let them know how much you appreciate their
dedication to making snort awesome.
Revision 1.8.2.2 / (view) - annotate - [select for diffs] , Fri Feb 7 22:05:04 2003 UTC (7 years, 1 month ago) by cazz
Branch: SNORT_1_9
CVS Tags: version-1-9-1
Changes since 1.8.2.1: +2 -2 lines
Diff to previous 1.8.2.1 to branch point 1.8 to next main 1.9 
* merge merge merge merge merge.  Happy with the merge?
Revision 1.9 / (view) - annotate - [select for diffs] , Mon Nov 25 01:58:12 2002 UTC (7 years, 3 months ago) by cazz
Branch: MAIN
CVS Tags: version-2-0-0, CMG
Changes since 1.8: +7 -6 lines
Diff to previous 1.8 
* updated sid:107 - corrected bad content checks
* updated sid:159 - corrected client/server pair
* updated sid:195 - corrected client/server pair
* updated sid:1929 - (trust me, it changed between 1,2 and 3)
* updated sid:524 - removed invalid references
* updated sid:238 - corrected client/server pair
* updated sid:1257 - added additional ports that can be targetted
* updated sid:306 - added reference
* updated sid:1919 - added references
* updated sid:1734 - added references
* updated sid:361 - added distance to limit false positives
* updated sid:362 - removed RETR content check (can be used with STOR as well)
* updated sid:1377 - added distance to limit false positives
* updated sid:1378 - added distance to limit false positives
* re-enabled sid:1748 - should be on by default
* updated sid:1844 - use byte_test instead of distance
* updated sid:1845 - use byte_test instead of distance
* updated sid:1903 - remove additional un-needed content
* updated sid:1755 - use within
* disabled sid:293 - replaced with other sids
* disabled sid:295 - replaced with other sids
* disabled sid:296 - replaced with other sids
* disabled sid:297 - replaced with other sids
* disabled sid:298 - replaced with other sids
* disabled sid:299 - replaced with other sids
* updated sid:489 - added within
* updated sid:1866 - added references
* disabled sid:570 - replaced with other sids
* disabled sid:571 - replaced with other sids
* updated sid:664 - updated MSG to be more clear
* updated sid:1289 - added offsets
* updated sid:1441 - added offsets
* updated sid:1442 - added offsets
* updated sid:1443 - added offsets
* updated sid:519 - added offsets
* updated sid:1149 - updated MSG to be more clear
* disabled sid:1287 - too false positive to be on by default
* updated sid:1069 - updated MSG to be more clear
* updated sid:1519 - updated MSG to be correct, update content to be correct
* updated sid:1809 - use HTTP_PORTS instead of 80
* updated sid:1826 - correct uricontent
* disabled sid:1171 - too false positive to be on by default

* deleted sid:874 - very bad rule
* deleted sid:318 - replaced by sid:1939 and sid:1940
* deleted sid:319 - replaced by sid:1939 and sid:1940

* reordered rpc.rules to be a bit more clear
* reordered dns.rules to be a bit more clear
* added pop2.rules
* disaabled asn1_decode, as it shouldn't be on by default
* added the following rules:
1929 || BACKDOOR TCPDUMP/PCAP trojan traffic || url,hlug.fscker.com
1930 || IMAP auth overflow attempt || cve,CVE-1999-0005
1931 || WEB-CGI rpc-nlog.pl access || cve,CAN-1999-1278
1932 || WEB-CGI rpc-smb.pl access || cve,CAN-1999-1278
1933 || WEB-CGI cart.cgi access
1934 || POP2 FOLD overflow attempt || cve,CVE-1999-0920 || bugtraq,283
1935 || POP2 FOLD arbitrary file attempt
1936 || POP3 AUTH overflow attempt
1937 || POP3 LIST overflow attempt || cve,CAN-2000-0096 || bugtraq,948
1938 || POP3 XTND overflow attempt
1939 || MISC bootp hardware address lenght overflow || cve,CAN-1999-0798
1940 || MISC bootp invalid hardware type || cve,CAN-1999-0798
1941 || TFTP filename overflow attempt || bugtraq,5328 || cve,CAN-2002-0813
1942 || FTP RMDIR overflow attempt
1943 || WEB-MISC /Carello/add.exe access || bugtraq,1245 || cve,CVE-2000-0396
1944 || WEB-MISC /ecscripts/ecware.exe access
1945 || WEB-IIS unicode directory traversal attempt || cve,CVE-2000-0884
1946 || WEB-MISC answerbook2 admin attempt
1947 || WEB-MISC answerbook2 arbitrary command execution attempt
1948 || DNS zone transfer UDP || arachnids,212 || cve,CAN-1999-0532
1949 || RPC portmap SET attempt TCP 111
1950 || RPC portmap SET attempt UDP 111
1951 || RPC mountd TCP mount request
1952 || RPC mountd UDP export request
1953 || RPC AMD TCP pid request
1954 || RPC AMD UDP pid request
1955 || RPC AMD TCP version request
1956 || RPC AMD UDP version request
1957 || RPC sadmind UDP PING || bugtraq,866
1958 || RPC sadmind TCP PING || bugtraq,866
1959 || RPC portmap request NFS UDP
1960 || RPC portmap request NFS TCP
1961 || RPC portmap request RQUOTA UDP
1962 || RPC portmap request RQUOTA TCP
1963 || RPC RQUOTA UDP getquota overflow attempt || bugtraq,864 || cve,CVE-1999-0974
1964 || RPC tooltalk UDP overflow attempt
1965 || RPC tooltalk TCP overflow attempt
1966 || MISC GlobalSunTech Access Point Information Discolsure attempt || bugtraq,6100
1967 || WEB-PHP phpbb quick-reply.php arbitrary command attempt || bugtraq,6173
1968 || WEB-PHP phpbb quick-reply.php access || bugtraq,6173
1969 || WEB-MISC ion-p access || bugtraq,6091
1970 || WEB-IIS MDAC Content-Type overflow attempt
1971 || FTP SITE EXEC format string attempt
1972 || FTP PASS overflow attempt || cve,CAN-2002-0126 || cve,CAN-2000-1035
1973 || FTP MKD overflow attempt || bugtraq,612 || cve,CAN-1999-0911
1974 || FTP REST overflow attempt || cve,CAN-2001-0826
1975 || FTP DELE overflow attempt || cve,CAN-2001-0826
1976 || FTP RMD overflow attempt || cve,CAN-2001-0826
1977 || WEB-MISC xp_regwrite attempt
1978 || WEB-MISC xp_regdeletekey attempt
1979 || WEB-MISC perl post attempt || nessus,11158 || bugtraq,5520
Revision 1.8.2.1 / (view) - annotate - [select for diffs] , Sun Nov 17 04:40:09 2002 UTC (7 years, 4 months ago) by cazz
Branch: SNORT_1_9
Changes since 1.8: +7 -6 lines
Diff to previous 1.8 
* major sync from current (look ma, no experimental.rules)
* added pop2.rules
* regen sid-msg.map
Revision 1.8 / (view) - annotate - [select for diffs] , Sun Aug 18 20:28:43 2002 UTC (7 years, 7 months ago) by cazz
Branch: MAIN
CVS Tags: version-1-9-0
Branch point for: SNORT_1_9
Changes since 1.7: +3 -2 lines
Diff to previous 1.7 
* large update of signatures.  CVS disconnected during the last commit, so
  this is a recommit
Revision 1.7 / (view) - annotate - [select for diffs] , Thu Jun 27 01:45:52 2002 UTC (7 years, 8 months ago) by chrisgreen
Branch: MAIN
CVS Tags: beta-1_9_0-beta6, beta-1_9_0-beta5, beta-1_9_0-beta4, beta-1_9_0-beta2
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 
* accidental regression in tftp.rules
Revision 1.6 / (view) - annotate - [select for diffs] , Thu Jun 27 01:41:01 2002 UTC (7 years, 8 months ago) by chrisgreen
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 
* snmp updates ( Thanks Glenn! )
* snort.conf update ( Thanks Erek )
Revision 1.5 / (view) - annotate - [select for diffs] , Sat May 4 00:53:25 2002 UTC (7 years, 10 months ago) by cazz
Branch: MAIN
Changes since 1.4: +3 -3 lines
Diff to previous 1.4 
* removed spaces at the end of a ton of signatures.  Since this isn't technically modifying the sig, I didn't bump the rev.  Any decent parsing program shouldn't bitch at this.
* corrected sid:1747 - corrected msg (said UDP in TCP sig)
* corrected sid:1746 - corrected msg (said TCP in UDP sig)
* corrected sid:1562 - SITE CHOWN sig should look for SITE CHOWN, not USER
* added the following sigs:
1734 || EXPERIMENTAL FTP USER overflow attempt || bugtraq,4638
1735 || EXPERIMENTAL WEB-CLIENT XMLHttpRequest attempt
1736 || EXPERIMENTAL WEB-MISC squirrelmail spellcheck arbitrary command attemp || bugtraq,3952
1737 || EXPERIMENTAL WEB-MISC squirrelmail theme arbitrary command attempt || bugtraq,4385
1738 || EXPERIMENTAL WEB-MISC global.inc access || bugtraq,4612
1739 || EXPERIMENTAL WEB-PHP DNSTools administror authentication bypass attempt || bugtraq,4617
1740 || EXPERIMENTAL WEB-PHP DNSTools authentication bypass attempt || bugtraq,4617
1741 || EXPERIMENTAL WEB-PHP DNSTools access || bugtraq,4617
1742 || EXPERIMENTAL WEB-PHP Blahz-DNS dostuff.php modify user attempt || bugtraq,4618
1743 || EXPERIMENTAL WEB-PHP Blahz-DNS dostuff.php access || bugtraq,4618
1744 || EXPERIMENTAL WEB-MISC SecureSite authentication bypass attempt || bugtraq,4621
1745 || EXPERIMENTAL WEB-PHP Messagerie supp_membre.php access || bugtraq,4635
1746 || RPC UDP cachefsd request
1747 || RPC TCP cachefsd request
1748 || EXPERIMENTAL FTP command overflow attempt
1749 || EXPERIMENTAL WEB-IIS .NET trace.axd access
1750 || EXPERIMENTAL WEB-IIS users.xml access
Revision 1.4 / (view) - annotate - [select for diffs] , Sun Apr 28 21:08:48 2002 UTC (7 years, 10 months ago) by cazz
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 
* updated sid:1444 - corrected content
Revision 1.3 / (view) - annotate - [select for diffs] , Sat Mar 23 14:40:20 2002 UTC (8 years ago) by cazz
Branch: MAIN
Changes since 1.2: +12 -7 lines
Diff to previous 1.2 
* Added the following signatures:
1428 || EXPERIMENTAL audio galaxy keepalive
1429 || EXPERIMENTAL poll.gotomypc.com access || url,www.gotomypc.com/help2.tmpl
1430 || EXPERIMENTAL TELNET solaris memory mismanagement exploit attempt
1431 || EXPERIMENTAL BAD TRAFFIC syn to multicast address
1432 || INFO GNUTella GET
1433 || WEB-MISC .history access
1434 || WEB-MISC .bash_history access
1435 || DNS named authors attempt || arachnids,480
1436 || MULTIMEDIA Quicktime User Agent access
1437 || MULTIMEDIA Windows Media audio download
1438 || MULTIMEDIA Windows Media Video download
1439 || MULTIMEDIA Shoutcast playlist redirection
1440 || MULTIMEDIA Icecast playlist redirection
1441 || TFTP GET nc.exe
1442 || TFTP GET shadow
1443 || TFTP GET passwd
1444 || TFTP Get
1445 || FTP file_id.diz access
1446 || SMTP vrfy root

* Massive flow updates.  I hope nobody is using these signatures with 1.8.*
Revision 1.2 / (view) - annotate - [select for diffs] , Mon Oct 29 01:52:54 2001 UTC (8 years, 4 months ago) by roesch
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 
* Added copyright notices so that the Intrusion.com people might take our intellectual
  property a bit more seriously
Revision 1.1 / (view) - annotate - [select for diffs] , Tue Sep 25 04:08:40 2001 UTC (8 years, 5 months ago) by cazz
Branch: MAIN 
* add attack-responces, bad-traffic, and tftp
This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Diffs between and
Type of Diff should be a
View only Branch:
Sort log by:
snort-team@sourcefire.com