Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # $Id: local.rules,v 1.11 2004/07/23 20:15:44 bmc Exp $
- # ----------------
- # LOCAL RULES
- # ----------------
- # This file intentionally does not come with signatures. Put your local
- # additions here.
- # test
- alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1; classtype:icmp-event;)
- #lab
- alert tcp 192.168.0.0/24 any <> !192.168.0.0/24 any (msg:"External WEB request";sid:1;)
- #alert tcp 192.168.0.0/24 any <> !192.168.0.0/24 any (msg:"External WEB request";sid:1;react:block)
- #alert tcp !192.168.1.0/24 any -> 192.168.1.0/24 any (msg:"IDS004 - SCAN-NULL Scan";flags:0; seq:0; ack:0;)
- #alert tcp any any -> any any (flags:S,12; msg:"SYN"; sid: 1231213;)
- #individual
- # убиваем UNION SQL injection
- drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"UNION SQL Injection";uricontent:"union";nocase;uricontent:"select";nocase;sid:1;gid:666;)
- # убиваем blind SQL injection
- drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Blind SQL Injection";uricontent:"ascii";nocase;uricontent:"substr";nocase;uricontent:"select";nocase;sid:2;gid:666;)
- # убиваем XSS/CSS
- drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"XSS/CSS attack";uricontent:"";nocase;sid:4;gid:666;)
- # убиваем хитрый XSS/CSS
- drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"XSS/CSS attack";pcre:"/GET \/.*\?.*=(javascript:|onclick=|onmouseover=|onmouseout=|onload=).*\n/i";sid:5;gid:666;)
- # убиваем ../../../etc/passwd
- drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"PHP include attack";uricontent:"=../..";sid:6;gid:666;)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement