# sid 2002969, rev 5 -- shipped disabled: the leading '#' comments the rule out.
# Purpose: policy alert for an HTTP request that carries a "Microsoft BITS/"
# User-Agent, sent from $EXTERNAL_NET to a server in $HOME_NET on $HTTP_PORTS
# (flow:established,to_server).
# Match chain: content "Microsoft BITS/" (case-sensitive, no nocase), then
# "Host:" starting within 20 bytes after it, then the pcre (case-insensitive)
# re-checks that the string follows a User-Agent header name on the same line.
# threshold type limit / by_src / count 1 / seconds 300: at most one alert per
# source address in any 300-second window.
# NOTE(review): the pcre body begins with an escaped slash, so it requires a
# literal "/" immediately before "User-Agent:". Header lines normally follow a
# CRLF, so this may keep the rule from firing -- confirm against a capture
# before enabling.
# NOTE(review): direction is inbound to $HOME_NET servers, while the reference
# (au.download.windowsupdate.com) suggests internal BITS clients fetching from
# external hosts -- confirm the intended direction.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Microsoft BITS User Agent"; flow:established,to_server; content:"Microsoft BITS/"; content:"Host\:"; within: 20; pcre:"/\/User-Agent\:[^\n]+Microsoft BITS\//i"; threshold: type limit, track by_src, count 1, seconds 300; reference:url,au.download.windowsupdate.com; classtype:policy-violation; sid:2002969; rev:5;)

Added 2008-01-31 18:48:10 UTC


# sid 2002969, rev 5 -- same rule text and "Added" timestamp as the first
# entry on this page; disabled (commented out with '#').
# Flags an established, client-to-server TCP stream from $EXTERNAL_NET to
# $HOME_NET on $HTTP_PORTS containing "Microsoft BITS/" followed closely
# (within 20 bytes) by "Host:"; classtype is policy-violation.
# Alerts are limited to one per source address per 300 seconds.
# NOTE(review): the content matches are not tied to an HTTP buffer, and the
# pcre requires a "/" directly before "User-Agent:" -- test with real BITS
# traffic before relying on this rule.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Microsoft BITS User Agent"; flow:established,to_server; content:"Microsoft BITS/"; content:"Host\:"; within: 20; pcre:"/\/User-Agent\:[^\n]+Microsoft BITS\//i"; threshold: type limit, track by_src, count 1, seconds 300; reference:url,au.download.windowsupdate.com; classtype:policy-violation; sid:2002969; rev:5;)

Added 2008-01-31 18:48:10 UTC


# sid 2002969, rev 4 -- earlier revision, also disabled ('#').
# Compared with the rev 5 entries on this page, only the msg prefix
# ("BLEEDING-EDGE POLICY" instead of "ET POLICY") and the rev number differ;
# header, content/within/pcre options, threshold, reference and classtype are
# the same.
# NOTE(review): as in rev 5, the pcre requires a literal "/" immediately
# before "User-Agent:" -- confirm it can match a normal request header.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE POLICY Microsoft BITS User Agent"; flow:established,to_server; content:"Microsoft BITS/"; content:"Host\:"; within: 20; pcre:"/\/User-Agent\:[^\n]+Microsoft BITS\//i"; threshold: type limit, track by_src, count 1, seconds 300; reference:url,au.download.windowsupdate.com; classtype:policy-violation; sid:2002969; rev:4;)



Topic revision: r1 - 2008-01-31 - TWikiGuest
 