[Ayuda] Re: [Ayuda] Detección de patrones con Snort
Javier Reyna Padilla
jreyna en onlinet.com.mx
Mar Sep 20 10:38:17 CDT 2005
garaged wrote:
>No veo que tengas las reglas de porno, porn.rules.
>
>Saludos
>Max
>
>
>
Estas son todas mis reglas
include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/experimental.rules
include $RULE_PATH/bleeding-custom.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-game.rules
include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-policy.rules
include $RULE_PATH/bleeding.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-web.rules
include $RULE_PATH/bleeding-attack_response.rules
detodas maneras aunque no tuviera la de porn, en innappropriate vienen
varias de este estilo:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:
"BLEEDING-EDGE INAPPROPRIATE Likely Porn"; flow:
established,from_server; pcre:"/ (FREE XXX|dildo|masturbat|oral
sex|ejaculat|up skirt|tits|bondage|lolita|clitoris|cock suck|hardcore
(teen|anal|sex|porn)|raw sex|((fuck|sex|porn|xxx)
(movies|dvd))|((naked|nude) (celeb|lesbian)))\b/i"; classtype:
kickass-porn; sid: 2001608; rev:5; )
_______________________________________________
Ayuda mailing list
Ayuda en linux.org.mx
Para salir de la lista: http://mail.linux.org.mx/cgi-bin/mailman/listinfo/ayuda/
Más información sobre la lista de distribución Ayuda