DomiLock: RulesSnort

Menu :
.: Home
.: CheckNow!
.: Tools
.: Guestbook
.: About
.: Links
.: Contact Us
Numbers :
:. 17224 scans performed
:. show details













    

# $Id: domino.rules, 02/09/2002 14:46:13
#---------------
# DOMINO RULES
#---------------

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - 852566C90012664F"; uricontent:"852566C90012664F"; nocase; flags:A+; classtype:attempted-recon; sid:2599180; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin4.nsf"; uricontent:"admin4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599101; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin5.nsf"; uricontent:"admin5.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599102; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin.nsf"; uricontent:"admin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599103; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - agentrunner.nsf"; uricontent:"agentrunner.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599104; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - alog.nsf"; uricontent:"alog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599105; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - a_domlog.nsf"; uricontent:"a_domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599191; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - bookmark.nsf"; uricontent:"bookmark.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599106; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - busytime.nsf"; uricontent:"busytime.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599107; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - catalog.nsf"; uricontent:"catalog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599108; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certa.nsf"; uricontent:"certa.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599109; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certlog.nsf"; uricontent:"certlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599110; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certsrv.nsf"; uricontent:"certsrv.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599111; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - chatlog.nsf"; uricontent:"chatlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599112; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - clbusy.nsf"; uricontent:"clbusy.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599212; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - cldbdir.nsf"; uricontent:"cldbdir.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599173; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - clusta4.nsf"; uricontent:"clusta4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599113; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - collect4.nsf"; uricontent:"collect4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599114; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - da.nsf"; uricontent:"da.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599221; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dba4.nsf"; uricontent:"dba4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599115; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dclf.nsf"; uricontent:"dclf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599116; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASAppDesign.nsf"; uricontent:"DEASAppDesign.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599181; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog01.nsf"; uricontent:"DEASLog01.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599183; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog02.nsf"; uricontent:"DEASLog02.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599184; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog03.nsf"; uricontent:"DEASLog03.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599185; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog04.nsf"; uricontent:"DEASLog04.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599186; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog05.nsf"; uricontent:"DEASLog05.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599187; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog.nsf"; uricontent:"DEASLog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599182; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - decsadm.nsf"; uricontent:"decsadm.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599117; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - decslog.nsf"; uricontent:"decslog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599118; rev:2; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEESAdmin.nsf"; uricontent:"DEESAdmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599209; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dirassist.nsf"; uricontent:"dirassist.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599119; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - doladmin.nsf"; uricontent:"doladmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599120; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domadmin.nsf"; uricontent:"domadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599121; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domcfg.nsf"; uricontent:"domcfg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599122; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domguide.nsf"; uricontent:"domguide.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599123; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domlog.nsf"; uricontent:"domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599124; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dspug.nsf"; uricontent:"dspug.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599125; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events4.nsf"; uricontent:"events4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599126; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events5.nsf"; uricontent:"events5.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599127; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events.nsf"; uricontent:"events.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599128; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - event.nsf"; uricontent:"event.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599129; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - homepage.nsf"; uricontent:"homepage.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599130; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - iNotes/Forms5.nsf/|24|DefaultNav"; uricontent:"iNotes/Forms5.nsf/|24|DefaultNav"; nocase; flags:A+; classtype:attempted-recon; sid:2599205; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - jotter.nsf"; uricontent:"jotter.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599190; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leiadm.nsf"; uricontent:"leiadm.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599174; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leilog.nsf"; uricontent:"leilog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599175; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leivlt.nsf"; uricontent:"leivlt.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599176; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - log4a.nsf"; uricontent:"log4a.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599131; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - log.nsf"; uricontent:"log.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599132; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - l_domlog.nsf"; uricontent:"l_domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599192; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mab.nsf"; uricontent:"mab.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599133; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail10.box"; uricontent:"mail10.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599204; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail1.box"; uricontent:"mail1.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599195; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail2.box"; uricontent:"mail2.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599196; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail3.box"; uricontent:"mail3.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599197; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail4.box"; uricontent:"mail4.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599198; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail5.box"; uricontent:"mail5.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599199; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail6.box"; uricontent:"mail6.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599200; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail7.box"; uricontent:"mail7.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599201; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail8.box"; uricontent:"mail8.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599202; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail9.box"; uricontent:"mail9.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599203; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail.box"; uricontent:"mail.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599134; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - msdwda.nsf"; uricontent:"msdwda.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599210; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mtatbls.nsf"; uricontent:"mtatbls.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599135; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mtstore.nsf"; uricontent:"mtstore.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599136; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - names.nsf"; uricontent:"names.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599137; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntppost.nsf"; uricontent:"nntppost.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599138; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000001.nsf"; uricontent:"nntp/nd000001.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599206; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000002.nsf"; uricontent:"nntp/nd000002.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599207; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000003.nsf"; uricontent:"nntp/nd000003.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599208; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|about "; uricontent:"nsf/|24|about "; nocase; flags:A+; classtype:attempted-recon; sid:2599167; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|defaultnav"; uricontent:"nsf/|24|defaultnav"; nocase; flags:A+; classtype:attempted-recon; sid:2599166; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|help"; uricontent:"nsf/|24|help"; nocase; flags:A+; classtype:attempted-recon; sid:2599170; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|icon "; uricontent:"nsf/|24|icon "; nocase; flags:A+; classtype:attempted-recon; sid:2599172; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - ntsync45.nsf"; uricontent:"ntsync45.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599139; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - perweb.nsf"; uricontent:"perweb.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599140; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - qpadmin.nsf"; uricontent:"qpadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599172; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - quickplace/quickplace/main.nsf"; uricontent:"quickplace/quickplace/main.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599141; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - readviewentries"; uricontent:"readviewentries"; nocase; flags:A+; classtype:attempted-recon; sid:2599165; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - reports.nsf"; uricontent:"reports.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599142; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - sample/siregw46.nsf"; uricontent:"sample/siregw46.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599193; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - schema50.nsf"; uricontent:"schema50.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599143; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - setupweb.nsf"; uricontent:"setupweb.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599144; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - setup.nsf"; uricontent:"setup.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599145; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smbcfg.nsf"; uricontent:"smbcfg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599146; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smconf.nsf"; uricontent:"smconf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599213; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smency.nsf"; uricontent:"smency.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599214; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smhelp.nsf"; uricontent:"smhelp.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599215; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smmsg.nsf"; uricontent:"smmsg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599216; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smquar.nsf"; uricontent:"smquar.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599217; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smsolar.nsf"; uricontent:"smsolar.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599218; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtime.nsf"; uricontent:"smtime.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599219; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtpibwq.nsf"; uricontent:"smtpibwq.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599177; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtpobwq.nsf"; uricontent:"smtpobwq.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599178; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtp.box"; uricontent:"smtp.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599194; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtp.nsf"; uricontent:"smtp.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599179; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smvlog.nsf"; uricontent:"smvlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599220; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - srvnam.htm"; uricontent:"srvnam.htm"; nocase; flags:A+; classtype:attempted-recon; sid:2599147; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - statmail.nsf"; uricontent:"statmail.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599148; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - statrep.nsf"; uricontent:"statrep.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599149; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stauths.nsf"; uricontent:"stauths.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599150; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stautht.nsf"; uricontent:"stautht.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599151; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stconfig.nsf"; uricontent:"stconfig.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599152; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stconf.nsf"; uricontent:"stconf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599153; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stdnaset.nsf"; uricontent:"stdnaset.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599154; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stdomino.nsf"; uricontent:"stdomino.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599155; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stlog.nsf"; uricontent:"stlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599156; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - streg.nsf"; uricontent:"streg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599157; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stsrc.nsf"; uricontent:"stsrc.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599158; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - userreg.nsf"; uricontent:"userreg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599159; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - vpuserinfo.nsf"; uricontent:"vpuserinfo.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599160; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - webadmin.nsf"; uricontent:"webadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599161; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - web.nsf"; uricontent:"web.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599162; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - .nsf/../winnt/win.ini"; uricontent:".nsf/../winnt/win.ini"; nocase; flags:A+; classtype:attempted-recon; sid:2599164; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - /!open"; uricontent:"/!open"; nocase; flags:A+; classtype:attempted-recon; sid:2599169; rev:1; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - /?open"; uricontent:"/?open"; nocase; flags:A+; classtype:attempted-recon; sid:2599168; rev:1; )


# $Id: domino.rules, 02/09/2002 14:46:16
#---------------
# DOMINO RULES
#---------------

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - 852566C90012664F"; uricontent:"852566C90012664F"; nocase; flags:A+; classtype:attempted-recon; sid:2599180; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin4.nsf"; uricontent:"admin4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599101; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin5.nsf"; uricontent:"admin5.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599102; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - admin.nsf"; uricontent:"admin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599103; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - agentrunner.nsf"; uricontent:"agentrunner.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599104; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - alog.nsf"; uricontent:"alog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599105; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - a_domlog.nsf"; uricontent:"a_domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599191; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - bookmark.nsf"; uricontent:"bookmark.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599106; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - busytime.nsf"; uricontent:"busytime.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599107; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - catalog.nsf"; uricontent:"catalog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599108; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certa.nsf"; uricontent:"certa.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599109; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certlog.nsf"; uricontent:"certlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599110; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - certsrv.nsf"; uricontent:"certsrv.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599111; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - chatlog.nsf"; uricontent:"chatlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599112; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - clbusy.nsf"; uricontent:"clbusy.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599212; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - cldbdir.nsf"; uricontent:"cldbdir.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599173; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - clusta4.nsf"; uricontent:"clusta4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599113; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - collect4.nsf"; uricontent:"collect4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599114; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - da.nsf"; uricontent:"da.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599221; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dba4.nsf"; uricontent:"dba4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599115; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dclf.nsf"; uricontent:"dclf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599116; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASAppDesign.nsf"; uricontent:"DEASAppDesign.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599181; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog01.nsf"; uricontent:"DEASLog01.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599183; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog02.nsf"; uricontent:"DEASLog02.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599184; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog03.nsf"; uricontent:"DEASLog03.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599185; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog04.nsf"; uricontent:"DEASLog04.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599186; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog05.nsf"; uricontent:"DEASLog05.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599187; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEASLog.nsf"; uricontent:"DEASLog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599182; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - decsadm.nsf"; uricontent:"decsadm.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599117; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - decslog.nsf"; uricontent:"decslog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599118; rev:2; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - DEESAdmin.nsf"; uricontent:"DEESAdmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599209; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dirassist.nsf"; uricontent:"dirassist.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599119; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - doladmin.nsf"; uricontent:"doladmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599120; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domadmin.nsf"; uricontent:"domadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599121; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domcfg.nsf"; uricontent:"domcfg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599122; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domguide.nsf"; uricontent:"domguide.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599123; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - domlog.nsf"; uricontent:"domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599124; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - dspug.nsf"; uricontent:"dspug.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599125; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events4.nsf"; uricontent:"events4.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599126; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events5.nsf"; uricontent:"events5.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599127; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - events.nsf"; uricontent:"events.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599128; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - event.nsf"; uricontent:"event.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599129; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - homepage.nsf"; uricontent:"homepage.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599130; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - iNotes/Forms5.nsf/|24|DefaultNav"; uricontent:"iNotes/Forms5.nsf/|24|DefaultNav"; nocase; flags:A+; classtype:attempted-recon; sid:2599205; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - jotter.nsf"; uricontent:"jotter.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599190; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leiadm.nsf"; uricontent:"leiadm.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599174; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leilog.nsf"; uricontent:"leilog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599175; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - leivlt.nsf"; uricontent:"leivlt.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599176; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - log4a.nsf"; uricontent:"log4a.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599131; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - log.nsf"; uricontent:"log.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599132; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - l_domlog.nsf"; uricontent:"l_domlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599192; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mab.nsf"; uricontent:"mab.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599133; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail10.box"; uricontent:"mail10.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599204; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail1.box"; uricontent:"mail1.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599195; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail2.box"; uricontent:"mail2.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599196; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail3.box"; uricontent:"mail3.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599197; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail4.box"; uricontent:"mail4.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599198; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail5.box"; uricontent:"mail5.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599199; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail6.box"; uricontent:"mail6.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599200; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail7.box"; uricontent:"mail7.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599201; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail8.box"; uricontent:"mail8.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599202; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail9.box"; uricontent:"mail9.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599203; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mail.box"; uricontent:"mail.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599134; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - msdwda.nsf"; uricontent:"msdwda.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599210; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mtatbls.nsf"; uricontent:"mtatbls.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599135; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - mtstore.nsf"; uricontent:"mtstore.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599136; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - names.nsf"; uricontent:"names.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599137; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntppost.nsf"; uricontent:"nntppost.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599138; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000001.nsf"; uricontent:"nntp/nd000001.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599206; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000002.nsf"; uricontent:"nntp/nd000002.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599207; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nntp/nd000003.nsf"; uricontent:"nntp/nd000003.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599208; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|about "; uricontent:"nsf/|24|about "; nocase; flags:A+; classtype:attempted-recon; sid:2599167; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|defaultnav"; uricontent:"nsf/|24|defaultnav"; nocase; flags:A+; classtype:attempted-recon; sid:2599166; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|help"; uricontent:"nsf/|24|help"; nocase; flags:A+; classtype:attempted-recon; sid:2599170; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - nsf/|24|icon "; uricontent:"nsf/|24|icon "; nocase; flags:A+; classtype:attempted-recon; sid:2599172; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - ntsync45.nsf"; uricontent:"ntsync45.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599139; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - perweb.nsf"; uricontent:"perweb.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599140; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - qpadmin.nsf"; uricontent:"qpadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599172; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - quickplace/quickplace/main.nsf"; uricontent:"quickplace/quickplace/main.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599141; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - readviewentries"; uricontent:"readviewentries"; nocase; flags:A+; classtype:attempted-recon; sid:2599165; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - reports.nsf"; uricontent:"reports.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599142; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - sample/siregw46.nsf"; uricontent:"sample/siregw46.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599193; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - schema50.nsf"; uricontent:"schema50.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599143; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - setupweb.nsf"; uricontent:"setupweb.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599144; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - setup.nsf"; uricontent:"setup.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599145; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smbcfg.nsf"; uricontent:"smbcfg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599146; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smconf.nsf"; uricontent:"smconf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599213; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smency.nsf"; uricontent:"smency.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599214; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smhelp.nsf"; uricontent:"smhelp.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599215; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smmsg.nsf"; uricontent:"smmsg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599216; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smquar.nsf"; uricontent:"smquar.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599217; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smsolar.nsf"; uricontent:"smsolar.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599218; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtime.nsf"; uricontent:"smtime.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599219; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtpibwq.nsf"; uricontent:"smtpibwq.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599177; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtpobwq.nsf"; uricontent:"smtpobwq.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599178; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtp.box"; uricontent:"smtp.box"; nocase; flags:A+; classtype:attempted-recon; sid:2599194; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smtp.nsf"; uricontent:"smtp.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599179; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - smvlog.nsf"; uricontent:"smvlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599220; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - srvnam.htm"; uricontent:"srvnam.htm"; nocase; flags:A+; classtype:attempted-recon; sid:2599147; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - statmail.nsf"; uricontent:"statmail.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599148; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - statrep.nsf"; uricontent:"statrep.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599149; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stauths.nsf"; uricontent:"stauths.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599150; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stautht.nsf"; uricontent:"stautht.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599151; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stconfig.nsf"; uricontent:"stconfig.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599152; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stconf.nsf"; uricontent:"stconf.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599153; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stdnaset.nsf"; uricontent:"stdnaset.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599154; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stdomino.nsf"; uricontent:"stdomino.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599155; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stlog.nsf"; uricontent:"stlog.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599156; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - streg.nsf"; uricontent:"streg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599157; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - stsrc.nsf"; uricontent:"stsrc.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599158; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - userreg.nsf"; uricontent:"userreg.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599159; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - vpuserinfo.nsf"; uricontent:"vpuserinfo.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599160; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - webadmin.nsf"; uricontent:"webadmin.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599161; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - web.nsf"; uricontent:"web.nsf"; nocase; flags:A+; classtype:attempted-recon; sid:2599162; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - .nsf/../winnt/win.ini"; uricontent:".nsf/../winnt/win.ini"; nocase; flags:A+; classtype:attempted-recon; sid:2599164; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - /!open"; uricontent:"/!open"; nocase; flags:A+; classtype:attempted-recon; sid:2599169; rev:1; react: block, msg; )
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Domino - /?open"; uricontent:"/?open"; nocase; flags:A+; classtype:attempted-recon; sid:2599168; rev:1; react: block, msg; )

Copyright © 2000-2002 DomiLock. All right reserved. Privacy policy.