#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"Windows 98"; http_user_agent; content:"GtekClient"; fast_pattern; http_user_agent; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; sid:2008037; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:14 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Windows 98"; http_header; content:"GtekClient"; fast_pattern:only; http_header; pcre:"/User-Agent\x3a[^\n]+Windows 98[^\n]+GtekClient/iH"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; sid:2008037; rev:6;)

Added 2012-07-13 21:15:01 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Windows 98"; http_header; content:"GtekClient"; http_header; pcre:"/User-Agent\x3a[^\n]+Windows 98[^\n]+GtekClient/iH"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; sid:2008037; rev:5;)

Added 2011-10-12 19:24:19 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Windows 98"; http_header; content:"GtekClient"; http_header; pcre:"/User-Agent\x3a[^\n]+Windows 98[^\n]+GtekClient/iH"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; sid:2008037; rev:5;)

Added 2011-09-14 22:37:48 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Windows 98"; http_header; content:"GtekClient"; http_header; pcre:"/User-Agent\x3a[^\n]+Windows 98[^\n]+GtekClient/iH"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dell_Spyware; sid:2008037; rev:5;)

Added 2011-02-04 17:27:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 98"; within:50; content:"GtekClient"; within:50; pcre:"/User-Agent\:[^\n]+Windows 98[^\n]+GtekClient/i"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dell_Spyware; sid:2008037; rev:2;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 98"; within:50; content:"GtekClient"; within:50; pcre:"/User-Agent\:[^\n]+Windows 98[^\n]+GtekClient/i"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dell_Spyware; sid:2008037; rev:2;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gteko User-Agent Detected - Dell Remote Access"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Windows 98"; within:50; content:"GtekClient"; within:50; pcre:"/User-Agent\:[^\n]+Windows 98[^\n]+GtekClient/i"; reference:url,doc.emergingthreats.net/bin/view/Main/Windows98UA; classtype:policy-violation; sid:2008037; rev:1;)

Added 2008-03-21 12:52:14 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats