[Emerging-Sigs] [Fwd: SNORT FATAL ERROR]

Matt Jonkman jonkman at jonkmans.com
Tue Jan 13 10:49:08 EST 2009


Yes it does, why do you ask? :)

Fixed up, thanks for letting me know!

Matt

Michael Scheidell wrote:
>     does Accept: need a \: ?
> 
> 
>     alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
>     CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt
>     1"; flow:to_server,established; content:"POST
>     /roundcube/bin/html2text.php HTTP/1."; nocase; content:"Accept:
>     ZWNobyAoMzMzMjEyKzQzMjQ1NjY2KS4iICI7O3Bhc3N0aHJ1KCJ1bmFtZSAtYTtpZCIpOw==";
>     classtype:attempted-admin;
>     reference:url,isc.sans.org/diary.html?storyid=5599; sid:2009006; rev:1;)
> 
> 
>     -------- Original Message --------   
>      Subject:  HackerTrap Alert: FATAL ERROR  
>      Date:  Tue, 13 Jan 2009 03:10:58 +0100 (CET)  
>      From:  root at success-ae.hackertrap.net (Success-AE Root)  
>      To:  maint at success-ae.hackertrap.net  
> 
>     Jan 13 03:10:58 success-ae snort[43951]: FATAL ERROR:
>     rules/emerging.rules(147) => ParsePattern Got Null enclosed in
>     quotation marks (")!
> 
> 
> -- 
> Michael Scheidell, CTO
>>|SECNAP Network Security
> Winner 2008 Network Products Guide Hot Companies
> FreeBSD SpamAssassin Ports maintainer
> 
> 
> ------------------------------------------------------------------------
> 
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see www.secnap.com/products/spammertrap/
> <http://www.secnap.com/products/spammertrap/>
> 
> ------------------------------------------------------------------------
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




More information about the Emerging-sigs mailing list