alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO .exe File requested over FTP"; flow:established,to_server; dsize:>10; content:"RETR"; depth:4; content:".exe|0d 0a|"; distance:0; pcre:"/^RETR\s+[^\r\n]+?\x2eexe\r?$/m"; classtype:policy-violation; sid:2014906; rev:2; metadata:created_at 2012_06_15, updated_at 2012_06_15;)

Added 2017-08-07 21:08:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"ET INFO .exe File requested over FTP"; flow:established,to_server; content:"RETR"; depth:4; content:".exe|0d 0a|"; distance:0; pcre:"/^RETR\s+[^\r\n]+?\x2eexe\r?$/m"; classtype:policy-violation; sid:2014906; rev:1;)

Added 2012-06-15 20:26:13 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats