alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin (9)"; flow:established,to_server; uricontent:".cgi?sid="; nocase; uricontent:"&bt="; nocase; uricontent:"&pz="; uricontent:"&rnd="; uricontent:"&tail"; classtype:trojan-activity; sid:2008095; rev:1;)

Added 2008-04-03 13:36:06 UTC

This was dropped. Was hitting on legit ad server requests.

-- MattJonkman - 04 Apr 2008


Topic revision: r2 - 2008-04-04 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats