String Matching signature series 8000 series
These signatures are highly configurable. They allow you to look for specific strings in the payload of a packet. If an attack is underway and there is not already a signature for it, a temporary string match can be put in place to help mitigate some of the risk.
-
8000:2101-FTP Retrieve Password File: This signature fires on string passwd issued during an FTP session.
-
8000:2302-Telnet-/etc/shadow Match: This signature fires on string /etc/shadow issued during a telnet session.
-
8000:2303-Telnet-+ +: This signature fires on string + + issued during a telnet session.
-
8000:51301-Rlogin-IFS Match: This signature fires when an attempt to change the IFS to / is done during a rlogin session.
-
8000:51302-Rlogin-/etc/shadow Match: This signature fires on string /etc/shadow issued during a rlogin session.
-
8000:51303-Rlogin-+ + : This signature fires on string + + issued during a rlogin session.