Changeset 1734
- Timestamp:
- 11/29/06 23:48:36 (2 years ago)
- Files:
-
- psad/trunk/signatures (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
psad/trunk/signatures
r1733 r1734 130 130 alert tcp $EXTERNAL_NET any -> $HOME_NET 5631:5632 (msg:"MISC PCAnywhere communication attempt"; flags:S; classtype:attempted-admin; psad_id:100073; psad_dl:2; psad_derived_sids:507,512;) 131 131 alert tcp $EXTERNAL_NET any -> $HOME_NET 5900 (msg:"MISC VNC communication attempt"; flags:S; reference:url,http://isc.sans.org/port_details.php?port=5900; reference:url,http://secunia.com/advisories/20107; classtype:attempted-admin; psad_id:100202; psad_dl:2;) 132 alert tcp $EXTERNAL_NET any -> $HOME_NET 7212 (msg:"MISC Ghostsurf communication attempt"; flags:S; reference:url,http://isc.sans.org/port_details.php?port=7212; reference:url,http://www.tenebril.com/src/advisories/open-proxy-relay.php; classtype:misc-activity; psad_id:100203; psad_dl:2;) 132 133 #alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC Tiny Fragments"; dsize:< 25; fragbits:M; classtype:bad-unknown; sid:100; psad_id:100000; psad_dl:2;) 133 134 alert udp $EXTERNAL_NET any -> $HOME_NET 1900 (msg:"SCAN UPnP communication attempt"; classtype:misc-attack; psad_dsize:>8; psad_id:100074; psad_dl:2; psad_derived_sids:1917,1384,1388;)
