alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT DXF Extension File Detection Access Flowbit Set"; flow:established,to_client; flowbits:set,DXF.Ext.Access; content:"|20 20 30|"; content:"|0A 53 45 43 54 49 4F 4E|"; within:10; content:"|20 20 32|"; within:5; content:"|48 45 41 44 45 52|"; distance:0; content:"|0a|"; within:2; flowbits:noalert; classtype:not-suspicious; sid:2012152; rev:2;)

Added 2011-10-12 19:33:35 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT DXF Extension File Detection Access Flowbit Set"; flow:established,to_client; flowbits:set,DXF.Ext.Access; content:"|20 20 30|"; content:"|0A 53 45 43 54 49 4F 4E|"; within:10; content:"|20 20 32|"; within:5; content:"|48 45 41 44 45 52|"; distance:0; content:"|0a|"; within:2; flowbits:noalert; classtype:not-suspicious; sid:2012152; rev:2;)

Added 2011-02-04 17:32:02 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats