# sid 2007670 rev 8 -- stored commented out and retitled "ET DELETED".
# Helper rule: flowbits:noalert means it never raises an alert of its own.
# On an established server-to-client flow whose payload begins with "HTTP/1"
# and whose HTTP headers contain "Content-Type: application/" (case-insensitive),
# it only sets the ET.http.binary flowbit.
# This revision carries no flowbits:isnotset check before the set.
# NOTE(review): the match relies on the server-declared Content-Type, so it marks
# every application/* response and does not see a binary served under another
# type; rules gated on ET.http.binary presumably inherit that gap -- confirm.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; content:"HTTP/1"; depth:6; content:"Content-Type|3a| application/"; nocase; http_header; flowbits:noalert; flowbits:set,ET.http.binary; reference:url,doc.emergingthreats.net/2007670; classtype:not-suspicious; sid:2007670; rev:8;)

Added 2012-03-13 14:42:34 UTC


# sid 2007670 rev 7 -- stored commented out and titled "ET DELETED".
# Silent helper (flowbits:noalert): sets ET.http.binary on a server-to-client
# response that begins with "HTTP/1" and has "Content-Type: application/" in the
# HTTP header buffer. flowbits:isnotset makes it match only while the bit is
# not already set on the flow.
# NOTE(review): keyed on the declared Content-Type only; content served under a
# different type is not marked.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"Content-Type|3a| application/"; nocase; http_header; flowbits:noalert; flowbits:set,ET.http.binary; reference:url,doc.emergingthreats.net/2007670; classtype:not-suspicious; sid:2007670; rev:7;)

Added 2011-10-12 19:23:36 UTC


# sid 2007670 rev 7 -- commented out, "ET DELETED"; classtype is listed before
# the reference option in this copy.
# Silent helper (flowbits:noalert): sets ET.http.binary when a server response
# begins with "HTTP/1" and its headers contain "Content-Type: application/",
# and only if the flowbit is not already set.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"Content-Type|3a| application/"; nocase; http_header; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2007670; sid:2007670; rev:7;)

Added 2011-09-14 22:37:07 UTC


# sid 2007670 rev 7 -- commented out, "ET DELETED"; this copy also carries a
# second reference pointing at sigs/POLICY/POLICY_Small_Binary_Downloads.
# Silent helper (flowbits:noalert): sets ET.http.binary when a server response
# begins with "HTTP/1" and its headers contain "Content-Type: application/",
# and only if the flowbit is not already set.
# NOTE(review): the second reference suggests the flowbit was consumed by
# small-binary-download policy rules -- confirm before re-enabling either side.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"Content-Type|3a| application/"; nocase; http_header; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2007670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Small_Binary_Downloads; sid:2007670; rev:7;)

Added 2011-06-17 13:31:09 UTC


# sid 2007670 rev 6 -- still titled "ET POLICY" but stored commented out.
# Silent helper (flowbits:noalert): sets ET.http.binary when a server response
# begins with "HTTP/1" and "Content-Type: application/" appears in the HTTP
# header buffer (http_header), matched case-insensitively; the colon is written
# as the hex byte |3a|. flowbits:isnotset limits the match to flows where the
# bit is not yet set.
# NOTE(review): marks every application/* response, not only executables.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"Content-Type|3a| application/"; nocase; http_header; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2007670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Small_Binary_Downloads; sid:2007670; rev:6;)

Added 2011-02-04 17:26:47 UTC


# sid 2007670 rev 4 -- active (not commented out), titled "ET POLICY".
# Silent helper (flowbits:noalert): sets ET.http.binary on an established
# server-to-client flow whose payload begins with "HTTP/1" and contains
# CRLF + "Content-Type: application/" (case-insensitive), if the bit is not
# already set.
# NOTE(review): the Content-Type match has no depth/within or HTTP buffer
# modifier, so it is searched across the whole payload; the same bytes inside a
# response body would presumably also set the flowbit -- confirm.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2007670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Small_Binary_Downloads; sid:2007670; rev:4;)

Added 2009-02-11 19:15:23 UTC


# sid 2007670 rev 4 -- active, "ET POLICY"; carries two reference URLs.
# Never alerts (flowbits:noalert); sets ET.http.binary when the payload begins
# with "HTTP/1" and contains CRLF + "Content-Type: application/" anywhere,
# provided the flowbit is not already set on the flow.
# NOTE(review): raw-payload match on a server-declared header value; it neither
# inspects the body nor narrows application/* to executable types.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2007670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Small_Binary_Downloads; sid:2007670; rev:4;)

Added 2009-02-11 19:15:23 UTC


# sid 2007670 rev 3 -- active, "ET POLICY"; no reference options.
# Silent helper (flowbits:noalert): sets ET.http.binary when a server-to-client
# payload begins with "HTTP/1" and contains CRLF + "Content-Type: application/"
# (case-insensitive), if the bit is not already set.
# NOTE(review): the Content-Type content is unanchored within the payload, so a
# match is not limited to the header section -- confirm against the engine used.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; sid:2007670; rev:3;)

Added 2009-02-09 14:44:18 UTC


# sid 2007670 rev 3 -- active, "ET POLICY"; flowbit is named ET.http.binary.
# Never alerts (flowbits:noalert); it only tags flows where the server payload
# begins with "HTTP/1" and contains CRLF + "Content-Type: application/".
# The isnotset check means the rule matches only while the bit is unset.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,ET.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,ET.http.binary; classtype:not-suspicious; sid:2007670; rev:3;)

Added 2009-02-09 14:44:18 UTC


# sid 2007670 rev 2 -- active; msg says "ET POLICY" but the flowbit is still
# named BE.http.binary.
# Silent helper (flowbits:noalert): sets BE.http.binary when a server-to-client
# payload begins with "HTTP/1" and contains CRLF + "Content-Type: application/"
# (case-insensitive), if the bit is not already set.
# NOTE(review): any rule that tests this state has to use the same flowbit name;
# a consumer checking ET.http.binary would never see it set by this revision.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,BE.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,BE.http.binary; classtype:not-suspicious; sid:2007670; rev:2;)

Added 2008-01-31 18:48:10 UTC


# sid 2007670 rev 2 -- active, "ET POLICY" msg with the BE.http.binary flowbit.
# Never alerts (flowbits:noalert); tags flows where the server payload begins
# with "HTTP/1" and contains CRLF + "Content-Type: application/", matching only
# while BE.http.binary is unset.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,BE.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,BE.http.binary; classtype:not-suspicious; sid:2007670; rev:2;)

Added 2008-01-31 18:48:10 UTC


# sid 2007670 rev 1 -- active, titled "BLEEDING-EDGE POLICY".
# Silent helper (flowbits:noalert): sets BE.http.binary on an established
# server-to-client flow whose payload begins with "HTTP/1" (depth:6) and
# contains CRLF + "Content-Type: application/" (case-insensitive), if the bit
# is not already set.
# NOTE(review): classtype is not-suspicious and nothing is logged, so the rule
# is only useful together with rules that test BE.http.binary; the declared
# Content-Type is server-controlled and is not a reliable binary indicator.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE POLICY Likely Binary in HTTP by Type Flowbit"; flow:established,from_server; flowbits:isnotset,BE.http.binary; content:"HTTP/1"; depth:6; content:"|0d 0a|Content-Type\: application/"; nocase; flowbits:noalert; flowbits:set,BE.http.binary; classtype:not-suspicious; sid:2007670; rev:1;)

Added 2007-11-08 01:16:52 UTC

