Nel mio Apache, però, se invio la richiesta OPTIONS / HTTP/1.1
mi restituisce:
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2011 10:31:32 GMT
Server: xxx
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
Content-Type: text/html
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2011 10:31:32 GMT
Server: xxx
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
Content-Type: text/html
1011010 1100101 1110010 1101111 - 0100000 - 1010101 1101110 1101111
1011010 1100101 1110010 1101111 - 0100000 - 1010101 1101110 1101111
$ grep OPTIONS emerging-all.rules
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN HTTP OPTIONS invalid method case"; flow:established,to_server; content:"options"; http_method; nocase; content:!"OPTIONS"; http_method; reference:url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html; reference:url,doc.emergingthreats.net/2011034; classtype:bad-unknown; sid:2011034; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long OPTIONS URI Overflow Attmept"; flow:established,to_server; content:"OPTIONS|20|"; depth:8; nocase; isdataat:400,relative; content:!"|0A|"; within:400; reference:url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt; reference:cve,2010-0361; reference:url,doc.emergingthreats.net/2011016; classtype:web-application-attack; sid:2011016; rev:3;)
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP Possible Modified Sipvicious OPTIONS Scan"; content:"OPTIONS "; depth:8; content:"ccxllrlflgig|22|<sip|3A|100"; nocase; distance:0; reference:url,code.google.com/p/sipvicious/; reference:url,blog.sipvicious.org/; classtype:attempted-recon; sid:2011422; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET POLICY HTTP traffic on port 443 (OPTIONS)"; flow:to_server,established; content:"OPTIONS "; depth:8; flowbits:set,ET.HTTP.at.SSL; classtype:bad-unknown; sid:2013929; rev:1;)
$ grep -R OPTIONS rules/ | grep -i http
rules/web-client.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt"; flow:from_server,established; flowbits:isset,http.hhp.download; file_data; content:"["; depth:1; content:"]"; within:12; content:"file"; distance:0; nocase; content:"="; distance:0; pcre:"/\x5B(OPTIONS|WINDOWS|MERGE FILES|MAP|ALIAS|TEXT\x20POPUPS|INFOTYPES|SUBSETS)\x5D.*?(Contents|Index|Compiled|Sample List|Full text search stop list)\x20file\s*\x3D[^\r\n]{200}/smi"; metadata:policy security-ips drop; reference:cve,2006-0564; reference:cve,2009-0133; reference:url,users.pandora.be/bratax/advisories/b008.html; reference:url,www.frsirt.com/english/advisories/2006/0446; classtype:attempted-user; sid:5741; rev:5;)
rules/web-client.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt"; flow:to_client,established; content:"HLP"; nocase; pcre:"/^\s*HLP\s*\x3d\s*[^\n]{257}/smi"; metadata:policy balanced-ips drop, policy security-ips drop; reference:bugtraq,22135; reference:cve,2007-0427; classtype:attempted-user; sid:17366; rev:2;)
rules/web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Sun Java Web Server Webdav Stack Buffer Overflow attempt"; flow:to_server,established; content:"OPTIONS"; depth:7; nocase; isdataat:200,relative; pcre:"/^OPTIONS\s+[^\s]{200}/smi"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,37874; reference:cve,2010-0361; classtype:attempted-admin; sid:18611; rev:1;)
rules/web-iis.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS WebDAV Request Directory Security Bypass attempt"; flow:to_server,established; content:"/%c0%af/"; pcre:"/^(GET|OPTIONS|HEAD|POST|PUT|DELETE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)[^\r\n]*\s+[^\r\n]*\x2f\x25c0\x25af\x2f/mi"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,34993; reference:cve,2009-1535; classtype:attempted-admin; sid:17564; rev:1;)