R-fx Networks

Tag: snort

Linux Malware Detectection

by on Oct.19, 2009, under Development

[ UPDATE: Linux Malware Detect has been released ] I have the last few weeks been working on a new project for malware detection on Linux web servers, it is already at a pre-release version in use at work and it has shown phenomenal promise. Right to it, some background… On a daily basis the […]

11 Comments :, , , more...

Snorting the Web Farm

by on Jun.10, 2009, under Development, HowTo

Here are some rules for you snort freaks to chew on that I have found useful in web heavy environments. alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE x2300 phpshell detected”; content:”Locus7Shell”; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;) alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:”ET ATTACK RESPONSE RFI Scanner detected”; content:”RFI Scanner”; classtype:web-application-activity; […]

1 Comment :, more...

Looking for something?

Use the form below to search the site:

Site Links

A few links to navigate our site quicker...