?? netbios.rules
字號(hào):
# $Id: netbios.rules,v 1.7 2001/07/29 16:36:35 cazz Exp $#--------------# NETBIOS RULES#--------------alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS DOS RFPoison"; flags: A+; content: "|5C 00 5C 00 2A 00 53 00 4D 00 42 00 53 00 45 00 52 00 56 00 45 00 52 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00|";reference:arachnids,454; classtype:attempted-dos; sid:529; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS NT NULL session"; flags: A+; content: "|00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38 00 31|"; reference:bugtraq,1163; reference:cve,CVE-CVE-2000-0347; reference:arachnids,204; classtype:attempted-recon; sid:530; rev:2;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS RFParalyze Attempt"; flags: A+; content:"BEAVIS"; content:"yep yep"; classtype:attempted-recon; sid:1239; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB ADMIN$access";flags: A+; content:"\\ADMIN$|00 41 3a 00|"; reference:arachnids,340; classtype:attempted-admin; sid:532; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB C$ access"; flags: A+; content: "|5c|C$|00 41 3a 00|";reference:arachnids,339; classtype:attempted-recon; sid:533; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB CD..";flags: A+; content:"\\..|2f 00 00 00|"; reference:arachnids,338; classtype:attempted-recon; sid:534; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB CD...";flags: A+; content:"\\...|00 00 00|"; reference:arachnids,337; classtype:attempted-recon; sid:535; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB D$access";flags: A+; content:"\\D$|00 41 3a 00|"; reference:arachnids,336; classtype:attempted-recon; sid:536; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB IPC$access";flags: A+; content:"\\IPC$|00 41 3a 00|"; reference:arachnids,335; classtype:attempted-recon; sid:537; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB IPC$access";flags: A+; content:"|5c00|I|00|P|00|C|00|$|000000|IPC|00|"; reference:arachnids,334; classtype:attempted-recon; sid:538; rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS Samba clientaccess";flags: A+; content:"|00|Unix|00|Samba"; reference:arachnids,341; classtype:not-suspicious; sid:539; rev:1;)?? 快捷鍵說(shuō)明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號(hào)
Ctrl + =
減小字號(hào)
Ctrl + -