[Emerging-Sigs] sid:2011465 - incorect msg?

Eoin Miller eoin.miller at trojanedbinaries.com
Wed Oct 13 09:42:10 EDT 2010


  Saw this pop up today... guessing something is supposed to be there 
instead of snort-2.8.6 like ET or something...

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"snort-2.8.6 WEB_SERVER /bin/sh In URI, Possible Shell Command 
Execution Attempt Within Web Exploit"; flow:established,to_server; 
content:"/bin/sh"; http_uri; nocase; classtype:web-application-attack; 
sid:2011465; rev:4;)

;)

-- Eoin



More information about the Emerging-sigs mailing list