# Purpose: flag server-to-client traffic that carries a RIFF container with two
# "anih" chunks where the first is followed by the bytes 24 00 00 00 and a later
# one is not (the "MS ANI exploit" pattern named in msg).
#
# Scope: TCP from $EXTERNAL_NET on $HTTP_PORTS to $HOME_NET on any port, limited
# to established flows and server-originated data (flow:established,from_server).
# The same content on other ports or protocols is not inspected by this rule.
#
# Matching logic:
#   content:"anih"; nocase;              - first "anih" tag, case-insensitive.
#   content:"anih"; nocase; distance:4;  - second "anih" starting at least 4 bytes
#                                          after the end of the first match.
#   pcre (flags i, m)                    - "RIFF" at the start of a line, then an
#       "anih" immediately followed by 24 00 00 00, then a later "anih" that is
#       NOT immediately followed by 24 00 00 00 (negative lookahead).
#       Presumably 24 00 00 00 is the little-endian chunk length 36; confirm
#       against the references below.
#
# NOTE(review): the pcre has no "s" flag, so "." does not match a newline byte
# (0x0a). A file with 0x0a between "RIFF" and the first "anih", or between the
# two "anih" tags, would not satisfy the expression; confirm coverage against
# sample captures before relying on this rule alone.
# NOTE(review): the negative lookahead also succeeds when fewer than four bytes
# follow the second "anih" in the inspected buffer (for example at a segment
# boundary), which may alert on a benign file; verify with stream reassembly on.
# NOTE(review): msg says "(rule 2)", so this looks like one of a set; deploy and
# tune it together with its sibling rules.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS MS ANI exploit (rule 2)"; flow:established,from_server; content:"anih"; nocase; content:"anih"; nocase; distance:4; pcre:"/^RIFF.*anih\x24\x00\x00\x00.*anih(?!\x24\x00\x00\x00)/im"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2534; reference:url,www.avertlabs.com/research/blog/?p=233; reference:url,doc.bleedingthreats.net/2003524; sid:2003524; rev:1;)

Added 2007-03-31 12:09:03 UTC


Topic revision: r1 - 2008-01-08 - TWikiGuest
 