#alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; depth:1; content:"|00 00 00 01|"; distance:1; within:4; byte_test:1,<,51,37; threshold: type limit, count 5, seconds 600, track by_src; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; classtype:policy-violation; sid:2009973; rev:4;)

Added 2011-10-12 19:28:40 UTC


#alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; depth:1; content:"|00 00 00 01|"; distance:1; within:4; byte_test:1,<,51,37; threshold: type limit, count 5, seconds 600, track by_src; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; sid:2009973; rev:4;)

Added 2011-09-14 22:41:58 UTC


#alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; depth:1; content:"|00 00 00 01|"; distance:1; within:4; byte_test:1,<,51,37; threshold: type limit, count 5, seconds 600, track by_src; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:4;)

Added 2011-02-04 17:29:24 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; threshold: type limit, count 5, seconds 600, track by_src; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:3;)

Added 2009-09-26 20:00:37 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; threshold: type limit, count 5, seconds 600, track by_src; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:3;)

Added 2009-09-26 20:00:37 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:2;)

Added 2009-09-23 20:04:26 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:2;)

Added 2009-09-23 20:04:26 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:2;)

Added 2009-09-23 20:00:38 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; classtype:policy-violation; reference:url, emule-project.net; reference:url,doc.emergingthreats.net/2009973; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/P2P/P2P_eMule; sid:2009973; rev:2;)

Added 2009-09-23 20:00:38 UTC


alert tcp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"ET P2P? eMule KAD Network Send Username"; flow:established; content:"|e3|"; offset:0; depth:1; content:"|00 00 00 01|"; depth:4; distance:1; byte_test:1,<,51,37; classtype:policy-violation; reference:url, emule-project.net; sid:2009973; rev:1;)

Added 2009-09-23 16:30:38 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats