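###########################SYSTEM ACCESS#######################################
# sid 9000099: "net" (6e 65 74) followed by "/add" (2f 61 64 64) within 30 bytes
# in an established TCP stream, i.e. a "net ... /add" command crossing the wire.
alert tcp any any -> any any (msg:"system access adding users and or permissions!!";flow:established;content:"|6e 65 74|";content:"|2f 61 64 64|";within:30;sid:9000099;)
# sid 9000098: the string "WINDOWS\system32" in an established TCP stream.
alert tcp any any -> any any (msg:"system access";flow:established;content:"|57 49 4e 44 4f 57 53 5c 73 79 73 74 65 6d 33 32|";sid:9000098;)
# Limit sid 9000099 to one alert per source address every 120 seconds.
event_filter \
gen_id 1, sig_id 9000099, \
type limit, track by_src, \
count 1, seconds 120
# Limit sid 9000098 to one alert per destination address every 120 seconds.
event_filter \
gen_id 1, sig_id 9000098, \
type limit, track by_dst, \
count 1, seconds 120
###########################REMOTE DCOM EXPLOIT#################################
# sid 9000097: PSH+ACK segment to TCP/135 with byte 0x0b at or after payload offset 69.
alert tcp any any -> any 135 (msg:"dcom exploit";flow:established;flags:PA;content:"|0b|";offset:69;sid:9000097;)
# Limit sid 9000097 to one alert per destination address every 120 seconds.
event_filter \
gen_id 1, sig_id 9000097, \
type limit, track by_dst, \
count 1, seconds 120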