alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"ET EXPLOIT IIS FTP Exploit - NLST"; flow:established,to_server; content:"NLST "; depth:5; isdataat:100,relative; nocase; content:"|2a|"; content:!"|0d 0a|"; within:100; classtype:attempted-admin; reference:url,www.milw0rm.com/exploits/9541; sid:2009859; rev:1;)

Added 2009-09-03 22:30:39 UTC


Topic revision: r1 - 2009-09-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats