[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    Re: [Snort-sigs] (no subject)
From:       "lists () packetmail ! net" <lists () packetmail ! net>
Date:       2013-03-25 20:30:44
Message-ID: 5150B3F4.3000009 () packetmail ! net
[Download RAW message or body]

On 03/25/2013 03:16 PM, alex dina wrote:
> alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon
> over port 80"; flow:established,to_server; content: "jiji.com"; ! "kijiji.com";
> nocase; reference:"High Side SpreadSheet"; rev:2; classtype:unknown; )

alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon
over port 80"; flow:established,to_server; content: "jiji.com";
fast_pattern:only; content:!"kijiji.com"; nocase; reference:"High Side
SpreadSheet"; classtype:bad-unknown; six:x; rev:1;)

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
[prev in list] [next in list] [prev in thread] [next in thread]