Resource description
Official Snort 2.8 rule library files. Download them if you need them.
Code snippet and file information
/*
 * Linux Kernel ICMP Packet Handling Denial of Service
 *
 * Copyright (C) 2007 Sourcefire, Inc. All Rights Reserved
 *
 * Written by Patrick Mullen, Sourcefire VRT
 *
 * This file may contain proprietary rules that were created, tested and
 * certified by Sourcefire, Inc. (the "VRT Certified Rules") as well as
 * rules that were created by Sourcefire and other third parties and
 * distributed under the GNU General Public License (the "GPL Rules"). The
 * VRT Certified Rules contained in this file are the property of
 * Sourcefire, Inc. Copyright 2005 Sourcefire, Inc. All Rights Reserved.
 * The GPL Rules created by Sourcefire, Inc. are the property of
 * Sourcefire, Inc. Copyright 2002-2005 Sourcefire, Inc. All Rights
 * Reserved. All other GPL Rules are owned and copyrighted by their
 * respective owners (please see www.snort.org/contributors for a list of
 * owners and their respective copyrights). In order to determine what
 * rules are VRT Certified Rules or GPL Rules, please refer to the VRT
 * Certified Rules License Agreement.
 */
#include "sf_snort_plugin_api.h"
#include "sf_snort_packet.h"

//#define DEBUG
#ifdef DEBUG
#define DEBUG_WRAP(code) code
#else
#define DEBUG_WRAP(code)
#endif

/* declare detection functions */
int ruleLINUXICMPDOSeval(void *p);

/* references sid LINUXICMPDOS */
static RuleReference ruleLINUXICMPDOSref1 =
{
    "url",
    "www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3"
};

static RuleReference ruleLINUXICMPDOSref2 =
{
    "cve",
    "2006-0454"
};

static RuleReference ruleLINUXICMPDOSref3 =
{
    "bugtraq",
    "16532"
};

static RuleReference *ruleLINUXICMPDOSrefs[] =
{
    &ruleLINUXICMPDOSref1,
    &ruleLINUXICMPDOSref2,
    &ruleLINUXICMPDOSref3,
    NULL
};

/* header check 0: IP option type 0x07 (Record Route) */
static HdrOptCheck ruleLINUXICMPDOSprotocheck0 =
{
    IP_HDR_OPTIONS,
    CHECK_EQ,
    0x07
};

static RuleOption ruleLINUXICMPDOSoption0 =
{
    OPTION_TYPE_HDR_CHECK,
    {
        &ruleLINUXICMPDOSprotocheck0
    }
};

/* header check 1: IP option type 0x44 (Internet Timestamp) */
static HdrOptCheck ruleLINUXICMPDOSprotocheck1 =
{
    IP_HDR_OPTIONS,
    CHECK_EQ,
    0x44
};

static RuleOption ruleLINUXICMPDOSoption1 =
{
    OPTION_TYPE_HDR_CHECK,
    {
        &ruleLINUXICMPDOSprotocheck1
    }
};

/* NULL-terminated list of the rule's options */
RuleOption *ruleLINUXICMPDOSoptions[] =
{
    &ruleLINUXICMPDOSoption0,
    &ruleLINUXICMPDOSoption1,
    NULL
};

Rule ruleLINUXICMPDOS = {
    /* rule header, akin to => tcp any any -> any any */
    {
        IPPROTO_IP, /* proto */
        EXTERNAL_NET, /* SRCIP */
        "any", /* SRCPORT */
        0, /* DIRECTION */
        HOME_NET, /* DSTIP */
        "any", /* DSTPORT */
    },
    /* metadata */
    {
        3, /* genid (HARDCODED!!!) */
        13307, /* sid ca4ab340-2c84-4e52-a149-0c115e648a95 */
        1, /* revision db51aa91-f98f-4e94-8308-2e338761e9d0 */
        "denial-of-service", /* classification generic */
        0, /* hardcoded priority XXX NOT PROVIDED BY GR