Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1:64004
This rule looks for path traversal sequences in the show_file_name parameter of HTTP requests sent to the /ACSServer/DownloadFileServlet endpoint on DrayTek VigorConnect web applications.
1:64003
This rule looks for path traversal sequences in the show_file_name parameter of HTTP requests sent to the /ACSServer/DownloadFileServlet endpoint on DrayTek VigorConnect web applications.
1:64001
This rule alerts on unusually low client ports connecting to SSH servers. While not necessarily malicious, it is highly unusual for a benign client to use a low-numbered port (one within the list of "well-known" ports) to open a connection. For instance, the Mozi variant of the Mirai botnet has been observed connecting to SSH servers from unusually low ports.
1:64000
This rule looks for Java expression language injection patterns in the script parameter of HTTP requests sent to the /function/save endpoint on spider-flow web applications.
1:63999
This rule looks for Java expression language injection patterns in the script parameter of HTTP requests sent to the /function/save endpoint on spider-flow web applications.
1:63998
This rule looks for Java expression language injection patterns in the script parameter of HTTP requests sent to the /function/save endpoint on spider-flow web applications.