Advertisement
Guest User

rulesz

a guest
Feb 12th, 2016
50
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.86 KB | None | 0 0
  1. ###########################SYSTEM ACCESS#######################################
  2. alert tcp any any -> any any (msg:"system access adding users and or permissions!!";flow:established;content:"|6e 65 74|";content:"|2f 61 64 64|";within:30;sid:9000099;)
  3. alert tcp any any -> any any (msg:"system access";flow:established;content:"|57 49 4e 44 4f 57 53 5c 73 79 73 74 65 6d 33 32|";sid:9000098;)
  4.  
  5. event_filter \
  6. gen_id 1, sig_id 9000099, \
  7. type limit, track by_src, \
  8. count 1, seconds 120
  9.  
  10. event_filter \
  11. gen_id 1, sig_id 9000098, \
  12. type limit, track by_dst, \
  13. count 1, seconds 120
  14.  
  15. ###########################REMOTE DCOM EXPLOIT#################################
  16. alert tcp any any -> any 135 (msg:"dcom exploit";flow:established;flags:PA;content:"|0b|";offset:69;sid:9000097;)
  17.  
  18. event_filter \
  19. gen_id 1, sig_id 9000097, \
  20. type limit, track by_dst, \
  21. count 1, seconds 120
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement