# sid:2002764 rev:5 - alerts on an HTTP request whose Host header value contains
# a colon followed by at least seven non-LF bytes, i.e. more than a valid port
# number needs (reference: cve,2005-4085).
# - flow: established sessions, client-to-server, toward $HOME_NET on $HTTP_PORTS.
# - content "Host:" (nocase) must be present; the pcre then checks the header's shape.
# - pcre: LF + "Host:", optional whitespace, an optional http:/https:/ftp: scheme,
#   non-colon bytes up to the next colon, then 7 bytes that are not LF.
#   CR is not excluded, so it counts toward the 7 on CRLF-terminated lines.
# NOTE(review): the pcre does not require digits after the colon, so any Host value
#   with a colon followed by 7+ bytes matches (a bracketed IPv6 literal would, as a
#   constructed example). This may explain the false positive reported below -
#   confirm against the pcap before tuning.
# NOTE(review): `within` is relative to a previous content match and this rule has
#   none; `depth:500` looks like the intent - confirm how your engine treats it.
# NOTE(review): classtype is bad-unknown although msg describes an exploit attempt;
#   check the resulting priority in classification.config.
# NOTE(review): the "?" after WinProxy in msg looks like a wiki-link rendering
#   artifact rather than part of the shipped rule - confirm against the rules file.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)

Added 2009-02-07 22:00:26 UTC

False positive (FP): this rule fires on Cisco Soft Phone activity; see pcap.

-- RickChisholm - 09 Feb 2009


# Second listing of sid:2002764 rev:5; the rule text and "Added" timestamp are the
# same as the first entry on this page. It alerts when a Host header value has a
# colon followed by 7+ non-LF bytes (reference: cve,2005-4085).
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)

Added 2009-02-07 22:00:26 UTC


# sid:2002764 rev:4 - same flow, content and pcre options as rev:5; the only
# difference is that the two reference:url options are absent. Detection logic
# is unchanged: a Host header value with a colon followed by 7+ non-LF bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)

Added 2008-01-25 10:56:38 UTC


# Second listing of sid:2002764 rev:4 with the same "Added" timestamp as the
# previous rev:4 entry; the rule text is identical (no reference:url options).
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)

Added 2008-01-25 10:56:38 UTC


# sid:2002764 rev:3 - msg carries the "BLEEDING-EDGE EXPLOIT" prefix instead of
# "ET EXPLOIT"; flow, content, pcre, references and classtype match rev:4.
# When correlating older alerts, match on sid rather than on the msg text.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )

Added 2007-10-27 10:16:07 UTC


# Second listing of sid:2002764 rev:3 ("BLEEDING-EDGE EXPLOIT" msg) with the same
# "Added" timestamp as the previous rev:3 entry; the rule text is identical.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )

Added 2007-10-27 10:16:07 UTC


# Earliest listing on this page (no "Added" timestamp shown): msg uses the
# "BLEEDING-EDGE WEB MISC" category; all other options match the rev:3 entries above.
# NOTE(review): this entry and the "BLEEDING-EDGE EXPLOIT" entries both carry
#   sid:2002764 rev:3, so the msg changed without a rev bump; sid/rev alone does
#   not tell which msg string an archived alert was generated with.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE WEB MISC WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )



Topic revision: r2 - 2009-02-09 - RickChisholm
 