Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1:66711
This rule looks for DNS response packets that contain a DNAME resource record positioned after other records, a pattern indicative of the known parsing flaw. Successful exploitation can cause the DHCP client to crash or become unresponsive, resulting in a denial of service.
1:59052
This rule looks for attempts to change a computer account's sAMAccountName attribute to a string that does not end in a dollar sign.
1:66708
This rule looks for LDAP searchRequest packets that contain the "certificateListExactMatch" filter OID followed by a "thisUpdate" attribute with an unusually short quoted value. Successful exploitation can cause the OpenLDAP service to crash, resulting in denial of service.
1:66707
This rule looks for command injection metacharacters present in the username field in HTTP requests sent to the /cgi-bin/luci/rpc/auth endpoint on Lantronix EDS5000 web applications.
1:66706
This rule looks for command injection metacharacters present in the following parameters in HTTP requests sent to the /cgi-bin/luci endpoint on Lantronix EDS5000 web applications: luci_username.
1:66705
This rule looks for command injection metacharacters present in the following parameters in HTTP requests sent to the /cgi-bin/luci endpoint on Lantronix EDS5000 web applications: luci_username.