2000035 < Main < EmergingThreats

EmergingThreats>

Main Web>2000035 (2007-10-08, MattJonkman)

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; reference:url,doc.emergingthreats.net/2000035; classtype:policy-violation; sid:2000035; rev:13; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-09-13 19:37:01 UTC

Added 2018-09-13 17:52:18 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; reference:url,doc.emergingthreats.net/2000035; classtype:policy-violation; sid:2000035; rev:13; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:55:10 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; reference:url,doc.emergingthreats.net/2000035; classtype:policy-violation; sid:2000035; rev:13;)

Added 2011-10-12 19:09:28 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; sid:2000035; rev:13;)

Added 2011-09-15 14:46:01 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; sid:2000035; rev:13;)

Added 2011-09-14 20:32:57 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; http_header; content:"/cgi-bin/HoTMaiL?curmbox="; nocase; http_uri; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000035; rev:13;)

Added 2011-02-04 17:21:11 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000035; rev:12;)

Added 2010-06-28 22:46:58 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid:2000035; rev:12;)

Added 2010-06-28 22:46:58 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid: 2000035; rev:12;)

Added 2009-02-11 19:15:22 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; reference:url,doc.emergingthreats.net/2000035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_HOTMAIL_Mail_Use; sid: 2000035; rev:12;)

Added 2009-02-11 19:15:22 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-05-20 10:32:39 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-05-20 10:32:39 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-03-08 21:16:18 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-03-08 21:16:18 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-03-08 21:11:53 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:11;)

Added 2008-03-08 21:11:53 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:10;)

Added 2008-01-31 18:48:09 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:10;)

Added 2008-01-31 18:48:09 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Hotmail Inbox Access"; flow: to_server,established; content:"hotmail.msn.com"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/cgi-bin\/HoTMaiL\?curmbox=/i"; classtype: policy-violation; sid: 2000035; rev:9; )

Not hostile, sometimes a policy violation in many organizations

-- MattJonkman - 08 Oct 2007

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r2 - 2007-10-08 - MattJonkman

Main

Log In

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats