#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Zero Content-Length HTTP POST with data (outbound)"; flow:established,to_server; content:"POST"; nocase; http_method; content:"|0D 0A|Content-Length|3a| 0|0D 0A|"; content:"|0D 0A 0D 0A|"; distance:0; isdataat:1,relative; classtype:bad-unknown; sid:2011819; rev:1; metadata:created_at 2010_10_14, updated_at 2010_10_14;)

Added 2017-08-07 21:04:52 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Zero Content-Length HTTP POST with data (outbound)"; flow:established,to_server; content:"POST"; nocase; http_method; content:"|0D 0A|Content-Length|3a| 0|0D 0A|"; content:"|0D 0A 0D 0A|"; distance:0; isdataat:1,relative; classtype:bad-unknown; sid:2011819; rev:1;)

Added 2012-01-18 18:01:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Zero Content-Length HTTP POST with data (outbound)"; flow:established,to_server; content:"POST"; nocase; http_method; content:"|0D 0A|Content-Length|3a| 0|0D 0A|"; content:"|0D 0A 0D 0A|"; distance:0; isdataat:1,relative; classtype:bad-unknown; sid:2011819; rev:1;)

Added 2011-10-12 19:32:38 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Zero Content-Length HTTP POST with data (outbound)"; flow:established,to_server; content:"POST"; nocase; http_method; content:"|0D 0A|Content-Length|3a| 0|0D 0A|"; content:"|0D 0A 0D 0A|"; distance:0; isdataat:1,relative; classtype:bad-unknown; sid:2011819; rev:1;)

Added 2011-02-04 17:31:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats