Custom Signature for FortiGate IPS Engine

1.
F-SBID( --name "Web.SQL.Injection"; --default_action drop; --protocol tcp; --service HTTP; --flow from_client; --pcre "/[+]+or[+]+[\d]+=[\d]+/"; )


2. 
F-SBID( --name "Web.SQL.Syntax.Error"; --default_action drop; --protocol tcp; --service HTTP; --flow from_server; --pattern "execute failed: You have an error in your SQL syntax"; )


3. 
F-SBID( --name "Web.Directory.Listening"; --default_action drop; --protocol tcp; --service HTTP; --flow from_server; --pcre "/<ADDRESS>Apache[//][\d]+.[\d]+.[\d]+ Server at [\d]+.[\d]+.[\d]+.[\d]+ Port 80<[//]ADDRESS>/"; )


4.
F-SBID( --name "Web.XSS.Script"; --default_action drop; --protocol tcp; --service HTTP; --flow from_client; --pattern "%3Cscript%3E"; )


5. 
F-SBID( --name "Web.Directory.404.Harvesting"; --default_action drop; --protocol tcp; --service HTTP; --flow from_server; --pcre "/<TITLE>404 Not Found<[//]TITLE>/"; --rate 10,60; --track src_ip; )


6. 
F-SBID( --attack_id 3746; --name "DNS.Zone-Transfer"; --default_action drop; --service DNS; --dst_port 53; --flow from_client; --pattern "|00 01 00 00 00 00 00|"; --distance 6,context; --within 10,context; --pattern "|00 00 FC 00 01|"; --distance 2; )

If the signatures still do not work after copying them, download the original file.

http://epg.org.pl/conf/fortiips.txt