Snort mailing list archives

Re: (no subject)

From: "lists () packetmail net" <lists () packetmail net>
Date: Mon, 25 Mar 2013 15:30:44 -0500

On 03/25/2013 03:16 PM, alex dina wrote:

alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon
over port 80"; flow:established,to_server; content: "jiji.com"; ! “kijiji.com”;
nocase; reference:"High Side SpreadSheet"; rev:2; classtype:unknown; )


alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon
over port 80"; flow:established,to_server; content: "jiji.com";
fast_pattern:only; content:!"kijiji.com"; nocase; reference:"High Side
SpreadSheet"; classtype:bad-unknown; six:x; rev:1;)

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

(no subject) Nikola Vulovic (Jan 12)
- Re: (no subject) Joel Esler (Jan 12)
- <Possible follow-ups>
- Re: (no subject) Y M (Jan 12)
- (no subject) Agent Smith (Jan 30)
  - Re: (no subject) Joel Esler (Jan 30)
    - Re: (no subject) waldo kitty (Jan 30)
- (no subject) alex dina (Mar 25)
  - Re: (no subject) lists () packetmail net (Mar 25)