网络入侵检测系统的源代码，是对 snort 的进一步改进和完善

源代码在线查看: misc-lib



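				# $Id: misc-lib,v 1.5 2000/11/18 08:25:04 roesch Exp $
				# "other" stuff goes in here
				#
				# Review notes on this rule file:
				#  - Rules are line-oriented: "alert <proto> <src> <sport> <dir> <dst> <dport> (options)"
				#    on a single line; comments can only stand on lines of their own.
				#  - $HOME_NET and $EXTERNAL_NET are variables that must be defined elsewhere in the
				#    configuration before this file is included.
				#  - Two syntax defects in the original were corrected (see the Napster block and the
				#    Bay/Nortel Marlin rule); one keyword was normalised to lowercase (ttl). Every
				#    other rule is reproduced unchanged, with notes where a rule is redundant or noisy.
				#
				# SNMP: matches any UDP/161 payload containing "public" (the well-known default
				# community), so it also fires on legitimate polling that still uses that community.
				alert udp any any -> $HOME_NET 161 (msg: "SNMP public access"; content:"public";)
				# VNC: the RFB protocol banner (version 3.3) seen in a pushed TCP segment.
				alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"VNC Active on Network"; flags:PA; content:"RFB 003.003";)
				# ICMP carrying a loose-source-route IP option. Note that the generic "Source routed
				# packet" ICMP/lsrr rule further down matches the same packets, so both alerts fire.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS116 - MISC-SourceRoute-ICMP-lssr";ipopts:lsrr;)
				# DNS zone transfer over TCP: AXFR query header bytes at offset 2.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"IDS212 - MISC - DNS Zone Transfer"; content: "|01 00 00 01 00 00 00 00 00 00|"; flags: AP; offset: 2; depth: 16;)
				# Source-port rules. The TCP variants need a SYN from source port 53 or 20 toward a
				# privileged destination port - source ports that stateless port-based filters often
				# let through. The UDP variants have no flag or content constraint, so any DNS reply
				# that lands on a destination port <= 1023 matches; tune these per site.
				alert tcp $EXTERNAL_NET 53 -> $HOME_NET :1023 (msg:"IDS007 - MISC-Source Port Traffic 53 TCP"; flags:S;)
				alert udp $EXTERNAL_NET 53 -> $HOME_NET 138:1023 (msg:"MISC-Source Port Traffic 138-1023";)
				alert udp $EXTERNAL_NET 53 -> $HOME_NET 54:136 (msg:"MISC-Source Port Traffic 54-136";)
				alert udp $EXTERNAL_NET 53 -> $HOME_NET 0:52 (msg:"MISC-Source Port Traffic 0-52";)
				alert tcp $EXTERNAL_NET 20 -> $HOME_NET :1023 (msg:"IDS006 - MISC-Source Port Traffic 20 TCP"; flags:S; )
				# BIND version query (CHAOS class "version.bind" TXT lookup).
				alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"MISC-DNS-version-query"; content:"version|04|bind|0000 1000 03";)
				# pcAnywhere: pushed data on 5631 containing the literal account name ADMINISTRATOR.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 5631 (msg:"MISC-PCAnywhere Attempted Administrator Login";flags:PA; content:"ADMINISTRATOR";)
				# Traceroute detection by IP TTL == 1. The UDP rule below ("IDS115") is a strict
				# subset of this one (it only excludes destination port 520), so both fire together.
				alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS003 - MISC-Traceroute UDP";ttl:"1";)
				alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC-Traceroute TCP";ttl:"1";)
				# WinGate proxy ports: a SYN to 1080 / 8080 from any source port except 53.
				alert tcp $EXTERNAL_NET !53 -> $HOME_NET 1080 (msg:"MISC-WinGate-1080-Attempt";flags:S;)
				# lsrre = loose source route with end-of-list; companion to the lsrr rule above.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS117 - MISC-SourceRoute-ICMP-lssre";ipopts:lsrre;)
				alert udp $EXTERNAL_NET any -> $HOME_NET 5632 (msg:"IDS239 - MISC-PCAnywhere Startup"; content:"ST"; depth: 2;)
				# IRDP: the next two rules have identical match criteria (ICMP type 10, router
				# solicitation) and differ only in msg, so every matching packet raises two alerts.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC-IRDP-Router-Selection(l0phtattack)";itype:10;)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS174 - MISC-IRDPRouterSelection";itype:10;)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS173 - MISC-IRDPRouterAdvertisement";itype:9;)
				# ICMP redirect, network (code 0) and host (code 1) variants.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS199 - CVE-1999-0265 - MISC-ICMPRedirectNet";itype:5;icode:0;)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS135 - CVE-1999-0265 - MISC-ICMPRedirectHost";itype:5;icode:1;)
				# NOTE(review): both endpoints here are $EXTERNAL_NET, unlike every neighbouring rule;
				# looks like $HOME_NET was intended for the destination - confirm before relying on it.
				alert icmp $EXTERNAL_NET any -> $EXTERNAL_NET any (msg:"IDS238 - Traceroute IPOPTS"; ipopts: rr; itype: 0;)
				# SYN-ACK from an external X server port (6000-6005), i.e. an internal host opened
				# a connection to an outside X display.
				alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET any (msg:"IDS126 - Outgoing Xterm"; flags: SA;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"MISC-Passwd-Attempt";flags:PA; content:"passwd";)
				# Keyword normalised from "TTL" to "ttl" to match the other traceroute rules. The
				# exclusion of port 520 is presumably there to skip RIP datagrams - verify locally.
				alert udp $EXTERNAL_NET any -> $HOME_NET !520 (msg:"IDS115 - MISC-Traceroute-UDP";ttl:1;)
				# NOTE(review): the CVE id in this msg has only three digits after the year and looks
				# truncated; check the reference before using the msg text for correlation.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IDS147 - CVE-1999-004 - IMAP-x86-linux-buffer-overflow";flags:PA; content:"|e8c0 ffff ff|/bin/sh";)
				alert tcp $EXTERNAL_NET !53 -> $HOME_NET 8080 (msg:"MISC-WinGate-8080-Attempt";flags:S;)
				# No flag or content constraint: every TCP packet to 32771 alerts, including replies
				# and retransmissions of a single session. Expect this to be noisy.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 32771 (msg:"MISC-Attempted Sun RPC high port access";)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS118 - MISC-Traceroute ICMP";ttl:1;itype:8;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET any (ipopts: lsrr; msg: "Source routed packet";)
				# Napster rules. The original listing read "any any  any <port>" with no direction
				# operator, which is not valid rule syntax; the bidirectional operator "<>" has been
				# restored here (it is the one operator an HTML renderer would have swallowed as an
				# empty tag). Confirm against the upstream file if a one-way "->" was intended.
				alert tcp any any <> any 6699 (msg:"Napster Client Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 8888 (msg:"Napster 8888 Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 7777 (msg:"Napster 7777 Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 6666 (msg:"Napster 6666 Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 5555 (msg:"Napster 5555 Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 4444 (msg:"Napster 4444 Data"; flags:PA; content:".mp3"; nocase;)
				alert tcp any any <> any 8875 (msg:"Napster Server Login"; flags:PA; content:"anon@napster.com";)
				# Fixed: the original msg string was missing its closing quote, so the rest of the
				# line (including dsize:0) was swallowed into the message. Matches an empty UDP
				# datagram to the SNMP port.
				alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"BUGTRAQ ID 1009 - Possible attempt at Bay/Nortel Nautica Marlin DoS"; dsize:0;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 9090 (msg:"MISC - Attempt at VQServer Admin"; flags:PA; content:"GET / HTTP/1.1"; nocase;)
				# Arkeia on 617: this rule and "IDS261" below have the same criteria (PA and AP are
				# the same flag set, dsize >1445), so both alert on the same packet.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:"MISC Knox Arkeia DOS"; flags:PA;dsize:>1445;)
				alert udp $EXTERNAL_NET any -> $HOME_NET any (ipopts: ssrr; msg: "Source routed packet";)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 1417 (msg:"IDS229 - Insecure TIMBUKTU Password"; content: "|05 00 3E|"; flags: AP; depth: 16;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET any (ipopts: ssrr; msg: "Source routed packet";)
				# Outbound direction: the internal pcAnywhere host reports a failed login to the peer.
				alert tcp $HOME_NET 5632 -> $EXTERNAL_NET any (msg:"IDS240 - MISC-PCAnywhere Failed Login";flags:PA; content:"Invalid login"; depth: 16;)
				# Generic source-route rules for ICMP; overlap with IDS116/IDS117 above.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (ipopts: ssrr; msg: "Source routed packet";)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (ipopts: lsrr; msg: "Source routed packet";)
				# Modem hang-up sequence carried in an ICMP echo request payload.
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS264 MISC DoS ath0"; content: "+++ath0"; nocase; itype: 8;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"IDS267 - Delegate proxy overflow"; content: "whois|3a|//"; nocase; flags: AP; dsize: >1000;)
				# Hex content is the ASCII string "NAMENAME" at offset 25 of a UDP/9 (discard) datagram.
				alert udp $EXTERNAL_NET any -> $HOME_NET 9 (msg:"IDS262 - CVE-1999-0060 - Ascend Router DoS"; content: "|4e 41 4d 45 4e 41 4d 45|"; offset: 25; depth: 50;)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"IDS260 - MISC Annex Terminal DOS"; flags:PA;dsize:>1446; content:"ping?query";)
				alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:"IDS261 - MISC DoS arkiea backup"; flags: AP; dsize: >1445;)
				# Hex content decodes to four NUL bytes followed by "Windows NT 1381" in UTF-16LE, the
				# native-OS field of an SMB session setup.
				alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"IDS204 - NT NULL session"; flags:PA; content: "|00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38 00 31|";)
				# Disabled upstream: a bare size threshold on all UDP is too noisy to keep enabled.
				# alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS247 - MISC - Large UDP Packet"; dsize: >800;)
				alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS246 - MISC - Large ICMP Packet"; dsize: >800;)
				# SYN-ACK leaving from internal port 7161: an internal Catalyst accepted an outside connection.
				alert tcp $HOME_NET 7161 -> $EXTERNAL_NET any (msg:"IDS129 - CVE-1999-0430 - Cisco Catalyst Remote Access"; flags:SA;)
				alert udp $EXTERNAL_NET any -> $HOME_NET any (ipopts: lsrr; msg: "Source routed packet";)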
							
