[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bleeding-sigs
Subject:    [Bleeding-sigs] Signature for access to gambling site.
From:       Frank Knobbe <frank () knobbe ! us>
Date:       2006-09-20 7:51:11
Message-ID: 1158738671.1225.40.camel () localhost
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


I'm sure there are more gambling sites. A good idea to add to POLICY
rules. If you know of other gambling sites, please send them our way.

# Submitted 2006-09-17 by Mark Warren
# This signature was designed to detect access to http://www.bodog.com
# This website contains pornography, gambling, sports and sports related
betting
# The commercials for this website state that portions of the site were
designed
# to bypass security filters.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE
POLICY Porn-Sports-Gambling site designed to bypass restrictions";
flow:to_server,established; content:"Host\:"; nocase; pcre:"/Host\:[^
\n]+\.(bodog|bodogbeat|bodognation|bodogmusic|bodogconference|
bodogpokerchampionships)\.com/i";  reference:url,www.bodog.com;
classtype:policy-violation; sid:2003100; rev:2;)


--=20
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.


["signature.asc" (application/pgp-signature)]

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/bleeding-sigs


[prev in list] [next in list] [prev in thread] [next in thread]