Snort 3 Rules

A mirror of the Snort 3 rules, together with a list of the rules in use.

IDS: ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

Rule list

Site map, to make searching for signatures easier.

The rule list and descriptions are updated periodically.

web-application-attack signatures

  • APP-DETECT Acunetix web vulnerability scan attempt
  • APP-DETECT Acunetix web vulnerability scanner probe attempt
  • APP-DETECT Acunetix web vulnerability scanner authentication attempt
  • APP-DETECT Acunetix web vulnerability scanner RFI attempt
  • APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt
  • APP-DETECT Acunetix web vulnerability scanner URI injection attempt
  • APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt
  • APP-DETECT Acunetix web vulnerability scanner XSS attempt
  • BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt
  • DELETED SERVER-WEBAPP store.cgi product directory traversal attempt
  • FILE-OTHER technote main.cgi file directory traversal attempt
  • INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt
  • INDICATOR-COMPROMISE Revil Kaseya ransomware log clearing http upload
  • INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation
  • OS-OTHER Cisco IOS HTTP configuration attempt
  • OS-WINDOWS SAP Crystal Reports crystalImageHandler.asp directory traversal attempt
  • POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected
  • SERVER-APACHE Apache Tomcat null byte directory listing attempt
  • SERVER-APACHE Apache Tomcat servlet mapping cross site scripting attempt
  • SERVER-APACHE Apache chunked-encoding worm attempt
  • SERVER-APACHE Apache Tomcat view source attempt
  • SERVER-APACHE Apache Chunked-Encoding worm attempt
  • SERVER-IIS .bat executable file parsing attack
  • SERVER-IIS .cmd executable file parsing attack
  • SERVER-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt
  • SERVER-IIS .cdx HTTP header buffer overflow attempt
  • SERVER-IIS .cer HTTP header buffer overflow attempt
  • SERVER-IIS .asa HTTP header buffer overflow attempt
  • SERVER-IIS /exchange/root.asp attempt
  • SERVER-IIS MS Site Server admin attempt
  • SERVER-IIS MS Site Server default login attempt
  • SERVER-IIS iisadmin access
  • SERVER-IIS iissamples access
  • SERVER-IIS /msadc/samples/ access
  • SERVER-IIS /scripts/samples/ access
  • SERVER-IIS Microsoft Office Outlook web dos
  • SERVER-IIS CodeRed v2 root.exe access
  • SERVER-IIS Unauthorized IP Access Attempt
  • SERVER-IIS scripts-browse access
  • SERVER-IIS perl-browse space attempt
  • SERVER-IIS perl-browse newline attempt
  • SERVER-IIS ism.dll attempt
  • SERVER-IIS isc$data attempt
  • SERVER-IIS Malformed Hit-Highlighting Argument File Access Attempt
  • SERVER-IIS iisadmpwd attempt
  • SERVER-IIS idc-srch attempt
  • SERVER-IIS fpcount attempt
  • SERVER-IIS directory listing
  • SERVER-IIS del attempt
  • SERVER-IIS Form_VBScript.asp access
  • SERVER-IIS Form_JScript.asp access
  • SERVER-IIS cmd? access
  • SERVER-IIS cmd.exe access
  • SERVER-IIS cmd32.exe access
  • SERVER-IIS asp-srch attempt
  • SERVER-IIS asp-dot attempt
  • SERVER-IIS ism.dll access
  • SERVER-IIS /scripts/iisadmin/default.htm access
  • SERVER-IIS +.htr code fragment attempt
  • SERVER-IIS ASP contents view
  • SERVER-IIS ASP contents view
  • SERVER-IIS Alternate Data streams ASP file access attempt
  • SERVER-IIS Microsoft Windows IIS directory traversal attempt
  • SERVER-IIS *.idc attempt
  • SERVER-IIS ISAPI .idq attempt
  • SERVER-IIS ISAPI .ida attempt
  • SERVER-IIS .asp chunked Transfer-Encoding
  • SERVER-IIS .htr chunked Transfer-Encoding
  • SERVER-IIS MDAC Content-Type overflow attempt
  • SERVER-OTHER Adobe Coldfusion datasource username attempt
  • SERVER-OTHER Adobe Coldfusion getodbcdsn access
  • SERVER-OTHER Adobe Coldfusion db connections flush attempt
  • SERVER-OTHER Adobe Coldfusion datasource passwordattempt
  • SERVER-OTHER Adobe Coldfusion datasource attempt
  • SERVER-OTHER Adobe Coldfusion admin encrypt attempt
  • SERVER-OTHER Adobe Coldfusion displayfile access
  • SERVER-OTHER Adobe Coldfusion getodbcin attempt
  • SERVER-OTHER Adobe Coldfusion admin decrypt attempt
  • SERVER-OTHER Adobe Coldfusion set odbc ini attempt
  • SERVER-OTHER Adobe Coldfusion settings refresh attempt
  • SERVER-OTHER Adobe Coldfusion startstop DOS access
  • SERVER-OTHER Microsoft Frontpage .... request
  • SERVER-OTHER Cisco denial of service attempt
  • SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow
  • SERVER-OTHER libgd heap-overflow attempt
  • SERVER-OTHER libgd heap-overflow attempt
  • SERVER-WEBAPP phf arbitrary command execution attempt
  • SERVER-WEBAPP awstats.pl command execution attempt
  • SERVER-WEBAPP mailman directory traversal attempt
  • SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt
  • SERVER-WEBAPP CCBill whereami.cgi arbitrary command execution attempt
  • SERVER-WEBAPP Bugtraq enter_bug.cgi arbitrary command attempt
  • SERVER-WEBAPP mrtg.cgi directory traversal attempt
  • SERVER-WEBAPP AlienForm af.cgi directory traversal attempt
  • SERVER-WEBAPP AlienForm alienform.cgi directory traversal attempt
  • SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt
  • SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt
  • SERVER-WEBAPP SIX webboard generate.cgi attempt
  • SERVER-WEBAPP store.cgi directory traversal attempt
  • SERVER-WEBAPP txt2html.cgi directory traversal attempt
  • SERVER-WEBAPP SGI InfoSearch fname attempt
  • SERVER-WEBAPP sojourn.cgi File attempt
  • SERVER-WEBAPP bizdbsearch attempt
  • SERVER-WEBAPP webdist.cgi arbitrary command attempt
  • SERVER-WEBAPP Talentsoft Web+ exploit attempt
  • SERVER-WEBAPP cached_feed.cgi moreover shopping cart directory traversal
  • SERVER-WEBAPP Armada Style Master Index directory traversal
  • SERVER-WEBAPP Allaire Pro Web Shell attempt
  • SERVER-WEBAPP shopping cart directory traversal
  • SERVER-WEBAPP eXtropia webstore directory traversal
  • SERVER-WEBAPP ads.cgi command execution attempt
  • SERVER-WEBAPP technote print.cgi directory traversal attempt
  • SERVER-WEBAPP /cgi-dos/ access
  • SERVER-WEBAPP /cgi-bin/ access
  • SERVER-WEBAPP talkback.cgi directory traversal attempt
  • SERVER-WEBAPP pfdispaly.cgi arbitrary command execution attempt
  • SERVER-WEBAPP Home Free search.cgi directory traversal attempt
  • SERVER-WEBAPP FormHandler.cgi external site redirection attempt
  • SERVER-WEBAPP FormHandler.cgi directory traversal attempt attempt
  • SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt
  • SERVER-WEBAPP loadpage.cgi directory traversal attempt
  • SERVER-WEBAPP eshop.pl arbitrary command execution attempt
  • SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
  • SERVER-WEBAPP hello.bat arbitrary command execution attempt
  • SERVER-WEBAPP echo.bat arbitrary command execution attempt
  • SERVER-WEBAPP envout.bat arbitrary command execution attempt
  • SERVER-WEBAPP input2.bat arbitrary command execution attempt
  • SERVER-WEBAPP input.bat arbitrary command execution attempt
  • SERVER-WEBAPP test.bat arbitrary command execution attempt
  • SERVER-WEBAPP AltaVista Intranet Search directory traversal attempt
  • SERVER-WEBAPP alibaba.pl arbitrary command execution attempt
  • SERVER-WEBAPP a1stats a1disp3.cgi directory traversal attempt
  • SERVER-WEBAPP htsearch arbitrary file read attempt
  • SERVER-WEBAPP htsearch arbitrary configuration file attempt
  • SERVER-WEBAPP ustorekeeper.pl directory traversal attempt
  • SERVER-WEBAPP ttawebtop.cgi arbitrary file attempt
  • SERVER-WEBAPP cal_make.pl directory traversal attempt
  • SERVER-WEBAPP book.cgi arbitrary command execution attempt
  • SERVER-WEBAPP Web Shopper shopper.cgi attempt
  • SERVER-WEBAPP directorypro.cgi attempt
  • SERVER-WEBAPP cgiforum.pl attempt
  • SERVER-WEBAPP auktion.cgi directory traversal attempt
  • SERVER-WEBAPP agora.cgi attempt
  • SERVER-WEBAPP webspirs.cgi directory traversal attempt
  • SERVER-WEBAPP Amaya templates sendtemp.pl directory traversal attempt
  • SERVER-WEBAPP pals-cgi arbitrary file access attempt
  • SERVER-WEBAPP wayboard attempt
  • SERVER-WEBAPP bb-hostscv.sh attempt
  • SERVER-WEBAPP bb-hist.sh attempt
  • SERVER-WEBAPP formmail arbitrary command execution attempt
  • SERVER-WEBAPP calendar_admin.pl arbitrary command execution attempt
  • SERVER-WEBAPP view-source directory traversal
  • SERVER-WEBAPP campas attempt
  • SERVER-WEBAPP test-cgi attempt
  • SERVER-WEBAPP htmlscript attempt
  • SERVER-WEBAPP imagemap.exe overflow attempt
  • SERVER-WEBAPP anaconda directory traversal attempt
  • SERVER-WEBAPP dcboard.cgi invalid user addition attempt
  • SERVER-WEBAPP dcforum.cgi directory traversal attempt
  • SERVER-WEBAPP webplus directory traversal
  • SERVER-WEBAPP whois_raw.cgi arbitrary command execution attempt
  • SERVER-WEBAPP SWSoft ASPSeek Overflow attempt
  • SERVER-WEBAPP HyperSeek hsx.cgi directory traversal attempt
  • SERVER-WEBAPP Remote Execution Backdoor Attempt Against Horde
  • SERVER-WEBAPP viewtopic.php access
  • SERVER-WEBAPP content-disposition file upload attempt
  • SERVER-WEBAPP PHPNuke Forum viewtopic SQL insertion attempt
  • SERVER-WEBAPP Opt-X header.php remote file include attempt
  • SERVER-WEBAPP WAnewsletter newsletter.php file include attempt
  • SERVER-WEBAPP PhpGedView PGV base directory manipulation
  • SERVER-WEBAPP PhpGedView PGV config_gedcom.php base directory manipulation attempt
  • SERVER-WEBAPP PhpGedView PGV functions.php base directory manipulation attempt
  • SERVER-WEBAPP PhpGedView PGV authentication_index.php base directory manipulation attempt
  • SERVER-WEBAPP YaBB SE packages.php file include
  • SERVER-WEBAPP news.php file include
  • SERVER-WEBAPP myphpPagetool pt_config.inc file include
  • SERVER-WEBAPP Invision Board ipchat.php file include
  • SERVER-WEBAPP Typo3 translations.php file include
  • SERVER-WEBAPP WebChat english.php file include
  • SERVER-WEBAPP WebChat db_mysql.php file include
  • SERVER-WEBAPP DCP-Portal remote file include lib script attempt
  • SERVER-WEBAPP DCP-Portal remote file include editor script attempt
  • SERVER-WEBAPP PayPal Storefront remote file include attempt
  • SERVER-WEBAPP gallery remote file include attempt
  • SERVER-WEBAPP rolis guestbook remote file include attempt
  • SERVER-WEBAPP phpMyAdmin db_details_importdocsql.php access
  • SERVER-WEBAPP forum_details.php access
  • SERVER-WEBAPP pmachine remote file include attempt
  • SERVER-WEBAPP ttforum remote file include attempt
  • SERVER-WEBAPP autohtml.php directory traversal attempt
  • SERVER-WEBAPP ttCMS header.php remote file include attempt
  • SERVER-WEBAPP BLNews objects.inc.php4 remote file include attempt
  • SERVER-WEBAPP b2 cafelog gm-2-b2.php remote file include attempt
  • SERVER-WEBAPP shoutbox.php directory traversal attempt
  • SERVER-WEBAPP Mambo upload.php upload php file attempt
  • SERVER-WEBAPP Mambo uploadimage.php upload php file attempt
  • SERVER-WEBAPP strings overflow
  • SERVER-WEBAPP strings overflow
  • SERVER-WEBAPP Phorum /support/common.php access
  • SERVER-WEBAPP Phorum /support/common.php attempt
  • SERVER-WEBAPP PHP-Nuke remote file include attempt
  • SERVER-WEBAPP remote include path attempt
  • SERVER-WEBAPP phpbb quick-reply.php arbitrary command attempt
  • SERVER-WEBAPP PHP-Wiki cross site scripting attempt
  • SERVER-WEBAPP Blahz-DNS dostuff.php modify user attempt
  • SERVER-WEBAPP DNSTools authentication bypass attempt
  • SERVER-WEBAPP DNSTools administrator authentication bypass attempt
  • SERVER-WEBAPP squirrel mail theme arbitrary command attempt
  • SERVER-WEBAPP squirrel mail spell-check arbitrary command attempt
  • SERVER-WEBAPP content-disposition memchr overflow
  • SERVER-WEBAPP TRACE attempt
  • SERVER-WEBAPP Compaq web-based management agent denial of service attempt
  • SERVER-WEBAPP Oracle 10g iSQLPlus login.unix connectID overflow attempt
  • SERVER-WEBAPP Oracle iSQLPlus login.uix username overflow attempt
  • SERVER-WEBAPP Oracle iSQLPlus username overflow attempt
  • SERVER-WEBAPP Oracle iSQLPlus sid overflow attempt
  • SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
  • SERVER-WEBAPP Samba SWAT Authorization overflow attempt
  • SERVER-WEBAPP NetObserve authentication bypass attempt
  • SERVER-WEBAPP RealNetworks RealSystem Server DESCRIBE buffer overflow attempt
  • SERVER-WEBAPP WebLogic ConsoleHelp view source attempt
  • SERVER-WEBAPP philboard_admin.asp authentication bypass attempt
  • SERVER-WEBAPP post32.exe arbitrary command attempt
  • SERVER-WEBAPP BitKeeper arbitrary command attempt
  • SERVER-WEBAPP Lotus Notes .exe script source download attempt
  • SERVER-WEBAPP Lotus Notes .pl script source download attempt
  • SERVER-WEBAPP Lotus Notes .csp script source download attempt
  • SERVER-WEBAPP MsmMask.exe attempt
  • SERVER-WEBAPP perl post attempt
  • SERVER-WEBAPP answerbook2 arbitrary command execution attempt
  • SERVER-WEBAPP mailman cross site scripting attempt
  • SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt
  • SERVER-WEBAPP jigsaw dos attempt
  • SERVER-WEBAPP iPlanet Search directory traversal attempt
  • SERVER-WEBAPP Compaq Insight directory traversal
  • SERVER-WEBAPP search.dll directory listing attempt
  • SERVER-WEBAPP b2 arbitrary command execution attempt
  • SERVER-WEBAPP SecureSite authentication bypass attempt
  • SERVER-WEBAPP global.inc access
  • SERVER-WEBAPP Cisco HTTP double-percent DOS attempt
  • SERVER-WEBAPP Axis Storpoint CD attempt
  • SERVER-WEBAPP ans.pl attempt
  • SERVER-WEBAPP PCCS mysql database admin tool access
  • SERVER-WEBAPP *%20.pl access
  • SERVER-WEBAPP RBS ISP /newuser directory traversal attempt
  • SERVER-WEBAPP nobody access
  • SERVER-WEBAPP .bash_history access
  • SERVER-WEBAPP .history access
  • SERVER-WEBAPP jrun directory browse attempt
  • SERVER-WEBAPP weblogic/tomcat .jsp view source attempt
  • SERVER-WEBAPP musicat empower attempt
  • SERVER-WEBAPP htgrep attempt
  • SERVER-WEBAPP Netscape Enterprise Server directory view
  • SERVER-WEBAPP oracle web arbitrary command execution attempt
  • SERVER-WEBAPP SalesLogix Eviewer web command attempt
  • SERVER-WEBAPP handler attempt
  • SERVER-WEBAPP ftp.pl attempt
  • SERVER-WEBAPP Netscape admin passwd
  • SERVER-WEBAPP nessus 1.X 404 probe
  • SERVER-WEBAPP SmartWin CyberOffice Shopping Cart access
  • SERVER-WEBAPP Talentsoft Web+ Source Code view access
  • SERVER-WEBAPP ICQ Webfront HTTP DOS
  • SERVER-WEBAPP Allaire JRUN DOS attempt
  • SERVER-WEBAPP amazon 1-click cookie theft
  • SERVER-WEBAPP Netscape Servers suite DOS
  • SERVER-WEBAPP unify eWave ServletExec upload
  • SERVER-WEBAPP Lotus Domino directory traversal
  • SERVER-WEBAPP .htpasswd access attempt
  • SERVER-WEBAPP iPlanet GETPROPERTIES attempt
  • SERVER-WEBAPP Netscape Enterprise directory listing attempt
  • SERVER-WEBAPP Netscape Enterprise DOS
  • SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt
  • SERVER-WEBAPP JavaScript tag in User-Agent field possible XSS attempt
  • SERVER-WEBAPP vBulletin XSS redirect attempt
  • SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt
  • SERVER-WEBAPP Western Digital MyCloud command injection attempt
  • SERVER-WEBAPP Western Digital MyCloud command injection attempt
  • SERVER-WEBAPP Western Digital MyCloud command injection attempt
  • SERVER-WEBAPP Western Digital MyCloud command injection attempt
  • SERVER-WEBAPP WordPress get_post authentication bypass attempt
  • SERVER-WEBAPP WordPress get_post authentication bypass attempt
  • SERVER-WEBAPP WordPress get_post authentication bypass attempt
  • SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt
  • SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt
  • SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt
  • SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt
  • SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt
  • SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt
  • SERVER-WEBAPP Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt
  • SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt
  • SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt
  • SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt
  • SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt
  • SERVER-WEBAPP Internal field separator use in HTTP URI attempt
  • SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt
  • SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt
  • SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt
  • SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt
  • SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt
  • SERVER-WEBAPP Joomla restore.php PHP object injection attempt
  • SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt
  • SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt
  • SERVER-WEBAPP TwonkyMedia server directory listing attempt
  • SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
  • SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt
  • SERVER-WEBAPP Nagios XI SQL injection attempt
  • SERVER-WEBAPP NagiosXI SQL injection attempt
  • SERVER-WEBAPP Nagios XI command injection attempt
  • SERVER-WEBAPP Nagios XI database settings modification attempt
  • SERVER-WEBAPP Anti-Web directory traversal attempt
  • SERVER-WEBAPP DotNetNuke DreamSlider arbitrary file download attempt
  • SERVER-WEBAPP Magecart inbound scan for vulnerable plugin attempt
  • SERVER-WEBAPP Tpshop remote file include attempt
  • SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt
  • SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt
  • SQL xp_enumdsn attempt
  • SQL xp_filelist attempt
  • SQL xp_availablemedia attempt
  • SQL xp_cmdshell attempt
  • SQL generic convert injection attempt - GET parameter
  • SQL use of sleep function in HTTP header - likely SQL injection attempt

misc-activity signatures

  • ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
  • ET SCAN Behavioral Unusual Port 137 traffic Potential Scan or Infection
  • ET SCAN Behavioral Unusual Port 139 traffic Potential Scan or Infection
  • ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  • ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
  • ET SCAN Behavioral Unusual Port 1434 traffic Potential Scan or Infection
  • PROTOCOL-OTHER NETBIOS SMB IPC share access attempt

network-scan signatures

trojan-activity signatures

attempted-user signatures

  • SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt

attempted-recon signatures

  • OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt
  • OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt
  • ET SCAN Potential SSH Scan OUTBOUND

attempted-admin signatures

  • OS-WINDOWS Microsoft Windows SMB remote code execution attempt

policy-violation signatures

  • OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected