R-fx Networks

Archive for June, 2009

Snorting the Web Farm

by on Jun.10, 2009, under Development, HowTo

Here are some rules for you snort freaks to chew on that I have found useful in web heavy environments. alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE x2300 phpshell detected”; content:”Locus7Shell”; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;) alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE RFI Scanner detected”; content:”RFI Scanner”; classtype:web-application-activity; […]

1 Comment :, more...

Looking for something?

Use the form below to search the site:

Site Links

A few links to navigate our site quicker...