alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; classtype:policy-violation; sid:2002138; rev:9;)

Added 2011-10-12 19:11:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; sid:2002138; rev:9;)

Added 2011-09-14 21:19:38 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:9;)

Added 2011-02-04 17:21:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:9;)

Added 2010-06-09 20:41:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:9;)

Added 2010-06-09 20:41:09 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:8;)

Added 2010-01-27 12:57:42 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:8;)

Added 2010-01-27 12:57:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:7;)

Added 2009-02-07 21:45:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002138; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002138; rev:7;)

Added 2009-02-07 21:45:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; sid:2002138; rev:6;)

Added 2008-01-25 22:33:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"ET GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; sid:2002138; rev:6;)

Added 2008-01-25 22:33:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"BLEEDING-EDGE GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:7; classtype: policy-violation; sid:2002138; rev:5;)

Added 2007-07-26 00:46:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"BLEEDING-EDGE GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:1; within:6; classtype: policy-violation; sid:2002138; rev:4;)

Added 2007-07-04 10:16:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"BLEEDING-EDGE GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:2; within:6; classtype: policy-violation; sid:2002138; rev:3;)

Added 2007-07-04 09:46:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"BLEEDING-EDGE GAMES World of Warcraft connection"; flow:established,to_server; content:"|00|"; depth:1; content:"|25 00|WoW|00|"; distance:2; within:4; classtype: policy-violation; sid:2002138; rev:2;)

Added 2007-07-04 08:20:45 UTC

New packets were not starting with 00 02, but saw some with 00 06. Altered the sig based on information from Adam Ellison.

Matt

-- MattJonkman - 04 Jul 2007


alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"BLEEDING-EDGE GAMES World of Warcraft connection"; flow:established,to_server; content:"|00 02|"; depth:2; content:"WoW|00|"; distance:2; within:4; classtype: policy-violation; sid:2002138; rev:1;)



Topic revision: r2 - 2007-07-04 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats