
[ISSForum] TRONS Rules for SoBig.C



Since there was a lot of interest in the BugBear rules I posted earlier,
here are the SoBig.C TRONS rules for RealSecure 7.0.


alert tcp any any -> any 25 (msg:"SoBig";content:"movie.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"submited.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"45443.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"documents.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"approved.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"application.pif";sid:1;rev:1;)
alert tcp any any -> any 25 (msg:"SoBig";content:"document.pif";sid:1;rev:1;)

--------------------------------------------------------------
Chris Rouland
Vice President
X-Force R&D
Internet Security Systems, Inc.
http://xforce.iss.net
crouland@xxxxxxx
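
Added example (not part of the original post and not ISS code): a small Python harness that parses the rule subset used in the post and runs it over constructed MIME attachment headers, so the rules can be checked before deployment. It assumes Snort-style content matching, which is byte-exact unless nocase is set; the sample payloads, the nocase variant and its sid 1000001 are constructed for illustration.

```python
from collections import Counter

# The seven rules from the post, one rule per line.
NAMES = ["movie.pif", "submited.pif", "45443.pif", "documents.pif",
         "approved.pif", "application.pif", "document.pif"]
RULES = ['alert tcp any any -> any 25 (msg:"SoBig";content:"%s";sid:1;rev:1;)' % n
         for n in NAMES]

def parse_rule(line):
    """Parse the rule subset used in the post (assumes no ';' inside quotes)."""
    header, _, body = line.strip().partition("(")
    action, proto, src, sport, arrow, dst, dport = header.split()
    rule = {"proto": proto, "dport": dport, "nocase": False}
    for opt in filter(None, (o.strip() for o in body.rstrip(")").split(";"))):
        key, sep, value = opt.partition(":")
        rule[key] = value.strip('"') if sep else True  # bare option = flag
    return rule

def matches(rule, dport, payload):
    """True if a TCP payload sent to dport satisfies the rule's content test."""
    if rule["dport"] not in ("any", str(dport)):
        return False
    needle = rule["content"].encode()
    if rule["nocase"]:
        return needle.lower() in payload.lower()
    return needle in payload  # byte-exact unless nocase is set (assumed semantics)

def alerts(rules, dport, payload):
    """Content strings of every rule that fires on this payload."""
    return [r["content"] for r in rules if matches(r, dport, payload)]

def duplicate_sids(rules):
    """sid values shared by more than one rule, with their counts."""
    return {sid: n for sid, n in Counter(r["sid"] for r in rules).items() if n > 1}

PARSED = [parse_rule(r) for r in RULES]
# Constructed MIME attachment headers, not captured traffic.
SAMPLE = (b'Content-Type: application/octet-stream; name="movie.pif"\r\n'
          b'Content-Disposition: attachment; filename="movie.pif"\r\n')
UPPER = SAMPLE.replace(b"movie.pif", b"MOVIE.PIF")
# Hypothetical variant: same rule with nocase and a constructed local sid.
NOCASE = parse_rule('alert tcp any any -> any 25 '
                    '(msg:"SoBig";content:"movie.pif";nocase;sid:1000001;rev:1;)')

if __name__ == "__main__":
    print("exact case :", alerts(PARSED, 25, SAMPLE))
    print("upper case :", alerts(PARSED, 25, UPPER))
    print("with nocase:", alerts([NOCASE], 25, UPPER))
    print("shared sids:", duplicate_sids(PARSED))
```

The upper-case sample shows that a changed filename case passes the rules as posted, and the sid report shows that all seven rules carry the same sid and msg, so an alert does not identify which filename matched.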
 
