Snort mailing list archives
Re: (no subject)
From: "lists () packetmail net" <lists () packetmail net>
Date: Mon, 25 Mar 2013 15:30:44 -0500
On 03/25/2013 03:16 PM, alex dina wrote:
alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon over port 80"; flow:established,to_server; content: "jiji.com"; ! “kijiji.com”; nocase; reference:"High Side SpreadSheet"; rev:2; classtype:unknown; )
alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"Known Intrusion Set DNS beacon over port 80"; flow:established,to_server; content: "jiji.com"; fast_pattern:only; content:!"kijiji.com"; nocase; reference:"High Side SpreadSheet"; classtype:bad-unknown; six:x; rev:1;) ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- (no subject) Nikola Vulovic (Jan 12)
- Re: (no subject) Joel Esler (Jan 12)
- <Possible follow-ups>
- Re: (no subject) Y M (Jan 12)
- (no subject) Agent Smith (Jan 30)
- Re: (no subject) Joel Esler (Jan 30)
- Re: (no subject) waldo kitty (Jan 30)
- Re: (no subject) Joel Esler (Jan 30)
- (no subject) alex dina (Mar 25)
- Re: (no subject) lists () packetmail net (Mar 25)