alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET POLICY Logmein.com/Join.me SSL Remote Control Access"; flow:established,from_server; content:"|16 03|"; depth:2; content:"|55 04 0a|"; distance:0; content:"|0d|LogMeIn, Inc."; distance:1; within:14; content:".app"; classtype:policy-violation; sid:2014756; rev:5;)

Added 2012-10-05 23:19:26 UTC

This rule description should be modified as it implies remote control access has occurred, when in fact a re-connection to the gateway server (allows remote control access but is not remote control access in and of itself) can trigger this event.

-- BitmeLancelot - 2015-03-06


alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET POLICY Logmein.com SSL Remote Control Access"; flow:established,from_server; content:"LogMeIn, Inc."; content:".app"; distance:0; content:".logmein.com"; within:17; classtype:policy-violation; sid:2014756; rev:3;)

Added 2012-05-17 22:00:09 UTC


Topic revision: r2 - 2015-03-06 - BitmeLancelot
 