#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"TagId|3a 20|"; http_header; fast_pattern; content:".namequery.com|0d 0a|"; http_header; threshold: type limit, count 2, seconds 300, track by_src; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; classtype:attempted-recon; sid:2012689; rev:6; metadata:created_at 2011_04_14, updated_at 2011_04_14;)

Added 2017-08-07 21:05:51 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"TagId|3a 20|"; http_header; fast_pattern; content:".namequery.com|0d 0a|"; http_header; threshold: type limit, count 2, seconds 300, track by_src; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; classtype:attempted-recon; sid:2012689; rev:5;)

Added 2014-02-28 18:38:56 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST|20|/|20|HTTP/1.1|0d 0a|TagId|3a 20|"; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|6.0|3b|)|0d 0a|Host|3a 20|"; distance:0; content:".namequery.com|0d 0a|Content"; distance:0; fast_pattern; threshold: type limit, count 2, seconds 300, track by_src; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; classtype:attempted-recon; sid:2012689; rev:4;)

Added 2011-10-19 18:51:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST|20|/|20|HTTP/1.1|0d 0a|TagId|3a 20|"; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|6.0|3b|)|0d 0a|Host|3a 20|"; distance:0; content:".namequery.com|0d 0a|Content"; distance:0; fast_pattern; threshold: type limit, count 2, seconds 300, track by_src; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; classtype:attempted-recon; sid:2012689; rev:4;)

Added 2011-10-12 19:34:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST|20|/|20|HTTP/1.1|0d 0a|TagId|3a 20|"; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|6.0|3b|)|0d 0a|Host|3a 20|"; distance:0; content:".namequery.com|0d 0a|Content"; distance:0; fast_pattern; threshold: type limit, count 2, seconds 300, track by_src; classtype:attempted-recon; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; sid:2012689; rev:4;)

Added 2011-07-12 12:24:45 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST|20|/|20|HTTP/1.1|0d 0a|TagId|3a 20|"; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|6.0|3b|)|0d 0a|Host|3a 20|"; distance:0; content:".namequery.com|0d 0a|Content"; distance:0; fast_pattern; threshold: type limit, count 2, seconds 300, track by_src; classtype:attempted-recon; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; sid:2012689; rev:4;)

Added 2011-07-11 15:32:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY LoJack? asset recovery/tracking - not malicious"; flow:established,to_server; content:"POST|20|/|20|HTTP/1.1|0d 0a|TagId|3a 20|"; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|6.0|3b|)|0d 0a|Host|3a 20|"; distance:0; content:".namequery.com|0d 0a|Content"; distance:0; fast_pattern; classtype:attempted-recon; reference:url,www.absolute.com/en/lojackforlaptops/home.aspx; sid:2012689; rev:3;)

Added 2011-04-14 21:28:46 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats