R-fx Networks

HowTo

Snorting the Web Farm

by on Jun.10, 2009, under Development, HowTo

Here are some rules for you Snort freaks to chew on that I have found useful in web-heavy environments.

alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE x2300 phpshell detected"; content:"Locus7Shell"; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)

alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE RFI Scanner detected"; content:"RFI Scanner"; classtype:web-application-activity; […]


BOGON Filtering, Update It

by on Apr.17, 2009, under Development, HowTo

One of the features APF uses to prevent address spoofing is filtering of reserved IP address space, also known as BOGON filtering. This is an otherwise very reliable way to keep random unallocated, spoofed addresses from injecting traffic towards your server, assuming of course the list is updated regularly. We decided a […]
