#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; http_uri; nocase; content:"hotmail.msn.com"; http_header; nocase; content:"/cgi-bin/compose?/"; nocase; http_uri; reference:url,doc.emergingthreats.net/2000037; classtype:policy-violation; sid:2000037; rev:13;)

Added 2011-10-12 19:09:29 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; http_uri; nocase; content:"hotmail.msn.com"; http_header; nocase; content:"/cgi-bin/compose?/"; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; sid:2000037; rev:13;)

Added 2011-09-15 14:46:02 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; http_uri; nocase; content:"hotmail.msn.com"; http_header; nocase; content:"/cgi-bin/compose?/"; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; sid:2000037; rev:13;)

Added 2011-09-14 20:32:58 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; http_uri; nocase; content:"hotmail.msn.com"; http_header; nocase; content:"/cgi-bin/compose?/"; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000037; rev:13;)

Added 2011-02-04 17:21:11 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000037; rev:12;)

Added 2010-06-28 22:46:59 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000037; rev:12;)

Added 2010-06-28 22:46:59 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid: 2000037; rev:12;)

Added 2009-02-11 19:15:22 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid: 2000037; rev:12;)

Added 2009-02-11 19:15:22 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-05-20 10:32:39 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-05-20 10:32:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-03-08 21:16:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-03-08 21:16:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-03-08 21:11:53 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:11;)

Added 2008-03-08 21:11:53 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:10;)

Added 2008-01-31 18:48:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:10;)

Added 2008-01-31 18:48:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Hotmail Compose Message Access"; flow: to_server,established; content:"curmbox="; nocase; content:"hotmail.msn.com"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/compose\?/i"; classtype: policy-violation; sid: 2000037; rev:9; )



Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats