alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"(compatible|3b| Google Desktop)"; http_user_agent; fast_pattern:13,15; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:14; metadata:created_at 2010_07_30, updated_at 2020_04_27;)
Added 2020-04-27 19:10:18 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"(compatible|3b| Google Desktop)"; http_user_agent; fast_pattern:13,15; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:14; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-09-13 19:38:15 UTC
Added 2018-09-13 17:52:57 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"(compatible|3b| Google Desktop)"; http_user_agent; fast_pattern:13,15; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:14; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 20:56:13 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"(compatible|3b| Google Desktop)"; http_header; fast_pattern:13,15; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:12;)
Added 2013-12-23 17:29:57 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Google Desktop)"; http_header; fast_pattern:37,15; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:10;)
Added 2011-12-19 18:45:30 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Google Desktop)"; http_header; nocase; threshold: type limit, count 1, seconds 360, track by_src; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; classtype:policy-violation; sid:2002801; rev:9;)
Added 2011-10-12 19:12:17 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Google Desktop)"; http_header; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; sid:2002801; rev:9;)
Added 2011-09-14 22:25:13 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Google Desktop)"; http_header; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google; sid:2002801; rev:9;)
Added 2011-02-04 17:22:03 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google; sid:2002801; rev:7;)
Added 2009-08-14 13:30:38 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google; sid:2002801; rev:7;)
Added 2009-08-14 13:30:38 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:6;)
Added 2009-08-11 09:45:36 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:6;)
Added 2009-08-11 09:45:36 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:5;)
Added 2009-02-19 21:15:27 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:5;)
Added 2009-02-19 21:15:27 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:5;)
Added 2009-02-19 21:11:09 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; reference:url,doc.emergingthreats.net/2002801; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google; sid:2002801; rev:5;)
Added 2009-02-19 21:11:09 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; sid:2002801; rev:4;)
Added 2008-02-01 10:46:07 UTC
I recommend adding another reference to this rule
http://safecomputing.umich.edu/tools/download/gd_security.pdf
--
MikeWazowski - 04 Feb 2009
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; sid:2002801; rev:4;)
Added 2008-02-01 10:46:07 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE WEB Google Desktop User-Agent Detected"; flow:to_server,established; content:"User-Agent\: Mozilla/4.0 (compatible\; Google Desktop)"; nocase; threshold: type limit, count 1, seconds 360, track by_src; classtype:policy-violation; reference:url,news.com.com/2100-1032_3-6038197.html; sid:2002801; rev:3; )