alert tcp $HOME_NET any -> [205.196.136.9,210.21.31.114,118.171.251.158,202.75.48.227,61.197.186.36,202.99.10.38,131.107.100.158,66.249.93.102,218.169.186.93,203.13.134.161,59.117.240.222,72.246.89.133,114.45.22.115,198.22.236.38,70.85.195.236,220.138.148.35,59.117.240.222,118.161.206.194,67.137.230.73,220.136.233.18,208.96.32.3,65.49.14.12,61.197.186.36,64.62.138.28,195.39.222.218,202.67.56.65,65.49.14.12,114.44.44.158,210.208.94.226,203.30.164.150,64.38.220.186,202.99.10.38,219.85.5.60] 443 (msg:"ET POLICY Ultrasurf Anonymizer Connection Outbound"; flow:established; threshold:type both, count 1, track by_dst, seconds 60; classtype:policy-violation; sid:2008534; rev:1;)

Added 2008-09-02 09:39:30 UTC


Topic revision: r1 - 2008-09-02 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats