alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; reference:url,doc.emergingthreats.net/2003869; classtype:misc-attack; sid:2003869; rev:8;)

Added 2017-05-05 16:58:50 UTC


alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; metadata: former_category SCAN; reference:url,doc.emergingthreats.net/2003869; classtype:misc-attack; sid:2003869; rev:8;)

Added 2017-05-03 17:35:06 UTC


alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; reference:url,doc.emergingthreats.net/2003869; classtype:misc-attack; sid:2003869; rev:8;)

Added 2017-04-21 17:28:16 UTC


#alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; reference:url,doc.emergingthreats.net/2003869; classtype:misc-attack; sid:2003869; rev:7;)

Added 2017-04-20 17:48:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; reference:url,doc.emergingthreats.net/2003869; classtype:misc-attack; sid:2003869; rev:9;)

Added 2011-10-12 19:14:21 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; classtype:misc-attack; reference:url,doc.emergingthreats.net/2003869; sid:2003869; rev:9;)

Added 2011-09-14 22:27:28 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; flow:established,to_server; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; classtype:misc-attack; reference:url,doc.emergingthreats.net/2003869; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_ReconBot; sid:2003869; rev:9;)

Added 2011-02-04 17:22:48 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; flow:established,to_server; classtype: misc-attack; reference:url,doc.emergingthreats.net/2003869; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_ReconBot; sid:2003869; rev:5;)

Added 2010-03-08 13:53:45 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; content:"CONNECT "; depth:8; content:"|3A|25 HTTP/"; within:200; flow:established,to_server; classtype: misc-attack; reference:url,doc.emergingthreats.net/2003869; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_ReconBot; sid:2003869; rev:5;)

Added 2010-03-08 13:53:45 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; content:"CONNECT"; depth: 7; pcre:"/\x3a25 HTTP/"; flow:established,to_server; classtype: misc-attack; reference:url,doc.emergingthreats.net/2003869; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_ReconBot; sid:2003869; rev:3;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN ProxyReconBot? CONNECT method to Mail"; content:"CONNECT"; depth: 7; pcre:"/\x3a25 HTTP/"; flow:established,to_server; classtype: misc-attack; sid:2003869; rev:2;)

Added 2008-01-29 10:56:40 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE SCAN ProxyReconBot? CONNECT method to Mail"; content:"CONNECT"; depth: 7; pcre:"/\x3a25 HTTP/"; flow:established,to_server; classtype: misc-attack; sid:2003869; rev:1;)

Added 2007-05-24 14:15:20 UTC


Topic revision: r2 - 2009-05-12 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats