[Previo por Fecha] [Siguiente por Fecha] [Previo por Hilo] [Siguiente por Hilo]
[Hilos de Discusión] [Fecha] [Tema] [Autor]garaged wrote:
No veo que tengas las reglas de porno, porn.rules. Saludos Max
Estas son todas mis reglas include $RULE_PATH/local.rules include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules include $RULE_PATH/finger.rules include $RULE_PATH/ftp.rules include $RULE_PATH/telnet.rules include $RULE_PATH/rpc.rules include $RULE_PATH/rservices.rules include $RULE_PATH/dos.rules include $RULE_PATH/ddos.rules include $RULE_PATH/dns.rules include $RULE_PATH/tftp.rules include $RULE_PATH/web-cgi.rules include $RULE_PATH/web-coldfusion.rules include $RULE_PATH/web-iis.rules include $RULE_PATH/web-frontpage.rules include $RULE_PATH/web-misc.rules include $RULE_PATH/web-client.rules include $RULE_PATH/web-php.rules include $RULE_PATH/sql.rules include $RULE_PATH/x11.rules include $RULE_PATH/icmp.rules include $RULE_PATH/netbios.rules include $RULE_PATH/misc.rules include $RULE_PATH/attack-responses.rules include $RULE_PATH/oracle.rules include $RULE_PATH/mysql.rules include $RULE_PATH/snmp.rules include $RULE_PATH/smtp.rules include $RULE_PATH/imap.rules include $RULE_PATH/pop2.rules include $RULE_PATH/pop3.rules include $RULE_PATH/nntp.rules include $RULE_PATH/other-ids.rules include $RULE_PATH/web-attacks.rules include $RULE_PATH/backdoor.rules include $RULE_PATH/shellcode.rules include $RULE_PATH/policy.rules include $RULE_PATH/porn.rules include $RULE_PATH/info.rules include $RULE_PATH/icmp-info.rules include $RULE_PATH/virus.rules include $RULE_PATH/chat.rules include $RULE_PATH/multimedia.rules include $RULE_PATH/p2p.rules include $RULE_PATH/experimental.rules include $RULE_PATH/bleeding-custom.rules include $RULE_PATH/bleeding-dos.rules include $RULE_PATH/bleeding-exploit.rules include $RULE_PATH/bleeding-game.rules include $RULE_PATH/bleeding-inappropriate.rules include $RULE_PATH/bleeding-malware.rules include $RULE_PATH/bleeding-p2p.rules include $RULE_PATH/bleeding-policy.rules include $RULE_PATH/bleeding.rules include $RULE_PATH/bleeding-scan.rules include $RULE_PATH/bleeding-virus.rules include $RULE_PATH/bleeding-web.rules include $RULE_PATH/bleeding-attack_response.rulesdetodas maneras aunque no tuviera la de porn, en innappropriate vienen varias de este estilo:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "BLEEDING-EDGE INAPPROPRIATE Likely Porn"; flow: established,from_server; pcre:"/ (FREE XXX|dildo|masturbat|oral sex|ejaculat|up skirt|tits|bondage|lolita|clitoris|cock suck|hardcore (teen|anal|sex|porn)|raw sex|((fuck|sex|porn|xxx) (movies|dvd))|((naked|nude) (celeb|lesbian)))\b/i"; classtype: kickass-porn; sid: 2001608; rev:5; )