Tag: snort
Linux Malware Detectection
by Ryan M. on Oct.19, 2009, under Development Blog, My Blog
I have the last few weeks been working on a new project for malware detection on Linux web servers, it is already at a pre-release version in use at work and it has shown phenomenal promise.
Right to it, some background… On a daily basis the network I manage receives a large number of attacks, [...]
Snorting the Web Farm
by Ryan M. on Jun.10, 2009, under My Blog
Here are some rules for you snort freaks to chew on that I have found useful in web heavy environments.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE x2300 phpshell detected”; content:”Locus7Shell”; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE RFI Scanner detected”; content:”RFI Scanner”; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300020; [...]
-
Welcome to R-fx Networks!
I welcome you to the new R-fx Networks, now strictly devoted to our projects and community at large. Join me as I strive to find a new path for the site and projects - we are still very much alive and active!
Please see the about us page for more details on why this change has been made. 
OSS-SEC Updates- Re: CVE request: kernel: connector security bypass March 11, 2010
- Re: CVE Request: libesmtp does not check NULL bytes in commonName March 11, 2010
- Re: CVE Request: libesmtp does not check NULL bytes in commonName March 11, 2010
- Re: CVE Request: libesmtp does not check NULL bytes in commonName March 11, 2010
- Re: CVE Request: libesmtp does not check NULL bytes in commonName March 11, 2010
- BugTraq Updates
- Vuln: dpkg-source Directory Traversal Vulnerability March 10, 2010
- Vuln: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability March 10, 2010
- Vuln: CUPS File Descriptors Handling Remote Denial Of Service Vulnerability March 10, 2010
- Vuln: CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability March 10, 2010
- Bugtraq: [USN-909-1] dpkg vulnerability
- Milw0rm Updates
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability September 20, 2009
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2 September 20, 2009
- Joomla com_mytube (user_id) Blind SQL Injection Exploit September 20, 2009
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit September 20, 2009
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability September 20, 2009
