alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY localtunnel Connection Setup Attempt"; flow:established,to_server; content:"localtunnel.me"; http_host; fast_pattern; isdataat:!1,relative; http_header_names; content:"|0d 0a|host|0d 0a|accept"; depth:14; content:!"User-Agent"; content:!"Host"; content:!"Referer"; content:!"Accept"; metadata: former_category POLICY; reference:url,localtunnel.github.io/www/; classtype:policy-violation; sid:2025116; rev:2; metadata:attack_target Client_and_Server, deployment Perimeter, signature_severity Minor, created_at 2017_12_04, updated_at 2017_12_04;)

Added 2017-12-04 16:53:40 UTC


Topic revision: r1 - 2017-12-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats