EmergingThreats> Main Web>2003484 (revision 1)EditAttach

alert tcp any any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE WORM Allaple Unique HTTP Request - Possibly part of DDOS"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|"; rawbytes; depth:20; threshold:type both, count 1, seconds 60, track by_src; classtype:trojan-activity; reference:url,doc.bleedingthreats.net/2003483; reference:url,isc.sans.org/diary.html?storyid=2451; sid:2003484; rev:3;)

Added 2007-03-16 09:00:27 UTC


alert tcp any any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE WORM Allaple Unique HTTP Request - Possibly part of DDOS"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|"; rawbytes; depth:20; classtype:trojan-activity; reference:url,doc.bleedingthreats.net/2003483; reference:url,isc.sans.org/diary.html?storyid=2451; sid:2003484; rev:2;)

Added 2007-03-16 08:45:23 UTC


alert tcp any any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE WORM Allaple Unique HTTP Request - Possibly part of DDOS"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|"; rawbytes; depth:20; classtype:trojan-activity; reference:url,doc.bleedingthreats.net/2003483; sid:2003484; rev:1;)

Added 2007-03-15 19:20:32 UTC


Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-03-16 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats