alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"Windows 3.1"; fast_pattern; http_user_agent; content:!"Cisco AnyConnect? VPN Agent"; http_user_agent; pcre:"/User-Agent\x3a[^\n]+Windows 3.1/Hi"; reference:url,doc.emergingthreats.net/2011694; classtype:policy-violation; sid:2011694; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:45 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"User-Agent|3a 20|"; content:"Windows 3.1"; fast_pattern:only; http_header; pcre:"/User-Agent\:[^\n]+Windows 3.1/Hi"; reference:url,doc.emergingthreats.net/2011694; classtype:policy-violation; sid:2011694; rev:6;)

Added 2011-10-12 19:32:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"User-Agent|3a 20|"; content:"Windows 3.1"; fast_pattern:only; http_header; pcre:"/User-Agent\:[^\n]+Windows 3.1/Hi"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2011694; sid:2011694; rev:6;)

Added 2011-09-14 22:45:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"User-Agent|3a 20|"; content:"Windows 3.1"; fast_pattern:only; http_header; pcre:"/User-Agent\:[^\n]+Windows 3.1/Hi"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2011694; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Windows_31; sid:2011694; rev:6;)

Added 2011-02-04 17:31:27 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 3.1"; within:200; pcre:"/User-Agent\:[^\n]+Windows 3.1/i"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2011694; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Windows_31; sid:2011694; rev:2;)

Added 2010-06-23 20:16:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 3.1"; within:200; pcre:"/User-Agent\:[^\n]+Windows 3.1/i"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2011694; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Windows_31; sid:2011694; rev:2;)

Added 2010-06-23 20:16:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 3.1"; within:200; pcre:"/User-Agent\:[^\n]+Windows 3.1/i"; classtype:policy-violation; sid:2011694; rev:1;)

Added 2010-06-22 10:46:04 UTC


Topic revision: r3 - 2013-10-13 - AnshumanDeshmukh
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats