File: web-frontpage.rules

package info (click to toggle)
snort 2.3.3-11
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 22,512 kB
  • ctags: 11,344
  • sloc: ansic: 70,967; sh: 4,848; makefile: 748; perl: 478; sql: 212
file content (43 lines) | stat: -rw-r--r-- 9,484 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# (C) Copyright 2001-2004, Martin Roesch, Brian Caswell, et al.
#    All rights reserved.
# $Id: web-frontpage.rules,v 1.32.2.1 2004/10/13 20:25:58 bmc Exp $
#--------------------
# WEB-FRONTPAGE RULES
#--------------------

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE rad fp30reg.dll access"; flow:to_server,established; uricontent:"/fp30reg.dll"; nocase; reference:arachnids,555; reference:bugtraq,2906; reference:cve,2001-0341; reference:url,www.microsoft.com/technet/security/bulletin/MS01-035.mspx; classtype:web-application-activity; sid:1248; rev:13;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE frontpage rad fp4areg.dll access"; flow:to_server,established; uricontent:"/fp4areg.dll"; nocase; reference:bugtraq,2906; reference:cve,2001-0341; classtype:web-application-activity; sid:1249; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE _vti_rpc access"; flow:to_server,established; uricontent:"/_vti_rpc"; nocase; reference:bugtraq,2144; reference:cve,2001-0096; reference:nessus,10585; classtype:web-application-activity; sid:937; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE posting"; flow:to_server,established; content:"POST"; uricontent:"/author.dll"; nocase; reference:bugtraq,2144; reference:cve,2001-0096; reference:nessus,10585; classtype:web-application-activity; sid:939; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE shtml.dll access"; flow:to_server,established; uricontent:"/_vti_bin/shtml.dll"; nocase; reference:arachnids,292; reference:bugtraq,1174; reference:bugtraq,1594; reference:bugtraq,1595; reference:cve,2000-0413; reference:cve,2000-0746; reference:nessus,11395; reference:url,www.microsoft.com/technet/security/bulletin/ms00-060.mspx; classtype:web-application-activity; sid:940; rev:15;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE contents.htm access"; flow:to_server,established; uricontent:"/admcgi/contents.htm"; nocase; classtype:web-application-activity; sid:941; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE orders.htm access"; flow:to_server,established; uricontent:"/_private/orders.htm"; nocase; classtype:web-application-activity; sid:942; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE fpsrvadm.exe access"; flow:to_server,established; uricontent:"/fpsrvadm.exe"; nocase; classtype:web-application-activity; sid:943; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE fpremadm.exe access"; flow:to_server,established; uricontent:"/fpremadm.exe"; nocase; classtype:web-application-activity; sid:944; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE fpadmin.htm access"; flow:to_server,established; uricontent:"/admisapi/fpadmin.htm"; nocase; classtype:web-application-activity; sid:945; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE fpadmcgi.exe access"; flow:to_server,established; uricontent:"/scripts/Fpadmcgi.exe"; nocase; classtype:web-application-activity; sid:946; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE orders.txt access"; flow:to_server,established; uricontent:"/_private/orders.txt"; nocase; classtype:web-application-activity; sid:947; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE form_results access"; flow:to_server,established; uricontent:"/_private/form_results.txt"; nocase; reference:cve,1999-1052; classtype:web-application-activity; sid:948; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE registrations.htm access"; flow:to_server,established; uricontent:"/_private/registrations.htm"; nocase; classtype:web-application-activity; sid:949; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE cfgwiz.exe access"; flow:to_server,established; uricontent:"/cfgwiz.exe"; nocase; classtype:web-application-activity; sid:950; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE authors.pwd access"; flow:to_server,established; uricontent:"/authors.pwd"; nocase; reference:bugtraq,989; reference:cve,1999-0386; reference:nessus,10078; classtype:web-application-activity; sid:951; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE author.exe access"; flow:to_server,established; uricontent:"/_vti_bin/_vti_aut/author.exe"; nocase; classtype:web-application-activity; sid:952; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE administrators.pwd access"; flow:to_server,established; uricontent:"/administrators.pwd"; nocase; reference:bugtraq,1205; classtype:web-application-activity; sid:953; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE form_results.htm access"; flow:to_server,established; uricontent:"/_private/form_results.htm"; nocase; reference:cve,1999-1052; classtype:web-application-activity; sid:954; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE access.cnf access"; flow:to_server,established; uricontent:"/_vti_pvt/access.cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:955; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE register.txt access"; flow:to_server,established; uricontent:"/_private/register.txt"; nocase; classtype:web-application-activity; sid:956; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE registrations.txt access"; flow:to_server,established; uricontent:"/_private/registrations.txt"; nocase; classtype:web-application-activity; sid:957; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE service.cnf access"; flow:to_server,established; uricontent:"/_vti_pvt/service.cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:958; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE service.pwd"; flow:to_server,established; uricontent:"/service.pwd"; nocase; reference:bugtraq,1205; classtype:web-application-activity; sid:959; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE service.stp access"; flow:to_server,established; uricontent:"/_vti_pvt/service.stp"; nocase; classtype:web-application-activity; sid:960; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE services.cnf access"; flow:to_server,established; uricontent:"/_vti_pvt/services.cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:961; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE shtml.exe access"; flow:to_server,established; uricontent:"/_vti_bin/shtml.exe"; nocase; reference:bugtraq,1174; reference:bugtraq,1608; reference:bugtraq,5804; reference:cve,2000-0413; reference:cve,2000-0709; reference:cve,2002-0692; reference:nessus,10405; reference:nessus,11311; classtype:web-application-activity; sid:962; rev:13;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE svcacl.cnf access"; flow:to_server,established; uricontent:"/_vti_pvt/svcacl.cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:963; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE users.pwd access"; flow:to_server,established; uricontent:"/users.pwd"; nocase; classtype:web-application-activity; sid:964; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE writeto.cnf access"; flow:to_server,established; uricontent:"/_vti_pvt/writeto.cnf"; nocase; reference:bugtraq,4078; reference:nessus,10575; classtype:web-application-activity; sid:965; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE .... request"; flow:to_server,established; uricontent:"..../"; nocase; reference:arachnids,248; reference:bugtraq,989; reference:cve,1999-0386; reference:cve,2000-0153; reference:nessus,10142; classtype:web-application-attack; sid:966; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE dvwssr.dll access"; flow:to_server,established; uricontent:"/dvwssr.dll"; nocase; reference:arachnids,271; reference:bugtraq,1108; reference:bugtraq,1109; reference:cve,2000-0260; reference:url,www.microsoft.com/technet/security/bulletin/ms00-025.mspx; classtype:web-application-activity; sid:967; rev:11;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE register.htm access"; flow:to_server,established; uricontent:"/_private/register.htm"; nocase; classtype:web-application-activity; sid:968; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE /_vti_bin/ access"; flow:to_server,established; uricontent:"/_vti_bin/"; nocase; reference:nessus,11032; classtype:web-application-activity; sid:1288; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE _vti_inf.html access"; flow:to_server,established; uricontent:"/_vti_inf.html"; nocase; reference:nessus,11455; classtype:web-application-activity; sid:990; rev:9;)