- Snort rules in IPS (inline) mode for blocking command injection:
- preprocessor normalize_ip4
- preprocessor normalize_tcp: ips ecn stream
- preprocessor normalize_icmp4
- preprocessor normalize_ip6
- preprocessor normalize_icmp6
- config policy_mode:inline
- config daq: afpacket
- config daq_mode: inline
- config daq_var: buffer_size_mb=1024
- var HOME_NET 192.168.10.0/24
- var EXTERNAL_NET !$HOME_NET
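- # ';' terminates a rule option, so inside the pcre it is written as \x3B
- drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "command injection"; sid: 100; pcre: "/[&|\x3B]+/";)
- # URL-encoded forms of & | ; (case-insensitive)
- drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "command injection"; sid: 101; pcre: "/%26|%7C|%3B/i";)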
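
An added example, not part of the original paste: the two pcre patterns run in Python over constructed HTTP requests, to show which traffic each rule drops when the pattern is evaluated against the whole TCP payload versus the request URI only. The sample requests, the host shop.example and the helper request_target are assumptions made for this illustration.

```python
import re

# Same patterns as the pcre options in sid 100 and sid 101; /i -> re.IGNORECASE.
RULES = {
    100: re.compile(rb"[&|;]+"),
    101: re.compile(rb"%26|%7C|%3B", re.IGNORECASE),
}

def fired_sids(data: bytes) -> list[int]:
    """Sids whose pattern matches anywhere in the given bytes. With no buffer
    modifier on the pcre option, the whole TCP payload is what gets searched."""
    return [sid for sid, rx in RULES.items() if rx.search(data)]

def request_target(payload: bytes) -> bytes:
    """Hypothetical helper: take the request-target from the request line,
    approximating a match that is restricted to the URI."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return parts[1] if len(parts) >= 2 else b""

def fired_sids_uri_only(payload: bytes) -> list[int]:
    return fired_sids(request_target(payload))

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "plain page": b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n"
                  b"Accept: text/html;q=0.9\r\n\r\n",
    "two params": b"GET /search?q=shoes&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "encoded separator": b"GET /ping?host=127.0.0.1%3bid HTTP/1.1\r\n"
                         b"Host: shop.example\r\n\r\n",
    "no metacharacters": b"GET /about HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

def report() -> dict[str, tuple[list[int], list[int]]]:
    """Map sample name -> (sids fired on raw payload, sids fired on URI only)."""
    return {name: (fired_sids(p), fired_sids_uri_only(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (raw, uri) in report().items():
        print(f"{name:20} raw payload: {str(raw):8} URI only: {uri}")
```

On the raw payload sid 100 fires on an ordinary Accept header and on any multi-parameter query string, so in inline mode it drops normal browsing as well as injection attempts.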