2008781 < Main

EditAttachPrintable

r1 - 18 Nov 2008 - 17:15:22 - TWikiGuestYou are here: TWiki >

Main Web > 2008781

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Set flow on rar file get"; flow:established,to_server; content:"GET "; depth:4; uricontent:".rar"; content:".rar HTTP/1."; flowbits:set,ET.rar_seen; flowbits:noalert; classtype:trojan-activity; sid:2008781; rev:2;)

Added 2008-11-18 12:15:22 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Set flow on rar file get"; flow:established,to_server; content:"GET "; depth:4; uricontent:".rar"; content:".rar HTTP/1."; flowbits:set,ET.rar_seen; flowbits:noalert; classtype:trojan-activity; sid:2008781; rev:2;)

Added 2008-11-18 12:15:22 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Set flow on rar file get"; flow:established,to_server; content:"GET "; depth:4; uricontent:".rar"; content:".rar HTTP/1."; flowbits:set,ET.rar_seen; flowbits:noalert; sid:2008781; rev:1;)

Added 2008-11-13 18:14:17 UTC

Main

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback