alert http any any -> any any (msg:"ET INFO Possible Sandvine PacketLogic? Injection"; flow:established,from_server; id:13330; flags:AF; content:"HTTP/1.1 307 Temporary Redirect|0a|Location|3a 20|"; depth:42; fast_pattern; content:"Connection: close|0a 0a|"; distance:0; isdataat:!1,relative; metadata: former_category INFO; reference:url,citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/; classtype:misc-activity; sid:2025428; rev:1; metadata:attack_target Client_and_Server, deployment Datacenter, signature_severity Minor, created_at 2018_03_13, performance_impact Low, updated_at 2018_03_13;)

Added 2018-03-13 17:08:43 UTC


Topic revision: r1 - 2018-03-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats