[Emerging-Sigs] sid:2011465 - incorect msg?

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Oct 13 10:39:44 EDT 2010


Thanks Eoin. Human error once again. :)

Matt

On Oct 13, 2010, at 9:42 AM, Eoin Miller wrote:

>  Saw this pop up today... guessing something is supposed to be there 
> instead of snort-2.8.6 like ET or something...
> 
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
> (msg:"snort-2.8.6 WEB_SERVER /bin/sh In URI, Possible Shell Command 
> Execution Attempt Within Web Exploit"; flow:established,to_server; 
> content:"/bin/sh"; http_uri; nocase; classtype:web-application-attack; 
> sid:2011465; rev:4;)
> 
> ;)
> 
> -- Eoin
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





More information about the Emerging-sigs mailing list