alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 (msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server|3a| nginx/0."; offset: 17; depth: 19; content: "Content-Type|3a| text/html"; content:"|3a|80|3b|255.255.255.255"; fast_pattern:only; reference:url,doc.emergingthreats.net/2003296; classtype:trojan-activity; sid:2003296; rev:5;)

Added 2011-10-12 19:13:12 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 (msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server|3a| nginx/0."; offset: 17; depth: 19; content: "Content-Type|3a| text/html"; content:"|3a|80|3b|255.255.255.255"; fast_pattern:only; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003296; sid:2003296; rev:5;)

Added 2011-09-14 22:26:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 (msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server|3a| nginx/0."; offset: 17; depth: 19; content: "Content-Type|3a| text/html"; content:"|3a|80|3b|255.255.255.255"; fast_pattern:only; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003296; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lager.Win32; sid:2003296; rev:5;)

Added 2011-02-04 17:22:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 ( msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server\: nginx/0."; offset: 17; depth: 19; content: "Content-Type\: text/html"; content:"\:80\;255.255.255.255"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003296; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lager.Win32; sid:2003296; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 ( msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server\: nginx/0."; offset: 17; depth: 19; content: "Content-Type\: text/html"; content:"\:80\;255.255.255.255"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003296; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lager.Win32; sid:2003296; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 ( msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server\: nginx/0."; offset: 17; depth: 19; content: "Content-Type\: text/html"; content:"\:80\;255.255.255.255"; classtype:trojan-activity; sid:2003296; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 ( msg:"ET TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server\: nginx/0."; offset: 17; depth: 19; content: "Content-Type\: text/html"; content:"\:80\;255.255.255.255"; classtype:trojan-activity; sid:2003296; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 1025:5000 ( msg: "BLEEDING-EDGE TROJAN Possible Web-based DDoS?-command being issued"; flow: established,from_server; content: "Server\: nginx/0."; offset: 17; depth: 19; content: "Content-Type\: text/html"; content:"\:80\;255.255.255.255"; classtype:trojan-activity; sid:2003296; rev: 1;)



Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats