alert http $HOME_NET any -> [!134.170.0.0/16,$EXTERNAL_NET] any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:established,to_server; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com"; http_host; isdataat:!1,relative; content:!".trendmicro.com"; http_host; isdataat:!1,relative; content:!".sony.net"; http_host; isdataat:!1,relative; content:!".weather.com"; http_host; isdataat:!1,relative; content:!".yahoo.com"; http_host; isdataat:!1,relative; content:!".dellfix.com"; http_host; isdataat:!1,relative; content:!".oncenter.com"; http_host; isdataat:!1,relative; content:!"GeoVision"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:13; metadata:created_at 2013_05_20, updated_at 2019_06_20;)

Added 2019-06-20 18:41:41 UTC


alert http $HOME_NET any -> [!134.170.0.0/16,$EXTERNAL_NET] any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:established,to_server; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com"; http_host; isdataat:!1,relative; content:!".trendmicro.com"; http_host; isdataat:!1,relative; content:!".sony.net"; http_host; isdataat:!1,relative; content:!".weather.com"; http_host; isdataat:!1,relative; content:!".yahoo.com"; http_host; isdataat:!1,relative; content:!".dellfix.com"; http_host; isdataat:!1,relative; content:!"GeoVision"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:12; metadata:created_at 2013_05_20, updated_at 2013_05_20;)

Added 2018-09-13 19:46:57 UTC


Added 2018-09-13 17:57:38 UTC


alert http $HOME_NET any -> [!134.170.0.0/16,$EXTERNAL_NET] any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; content:!".dellfix.com|0d 0a|"; http_header; content:!"GeoVision"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:11; metadata:created_at 2013_05_20, updated_at 2013_05_20;)

Added 2017-08-07 21:10:41 UTC


alert http $HOME_NET any -> [!134.170.0.0/16,$EXTERNAL_NET] any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; content:!".dellfix.com|0d 0a|"; http_header; content:!"GeoVision"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:11;)

Added 2015-12-02 15:53:24 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; content:!".dellfix.com|0d 0a|"; http_header; content:!"GeoVision"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:10;)

Added 2015-06-29 17:03:36 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_user_agent; fast_pattern; nocase; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; content:!".dellfix.com|0d 0a|"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:9;)

Added 2015-05-18 18:36:28 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; fast_pattern:only; http_header; nocase; pcre:"/^User-Agent\x3a[^\r\n]+?\sMSIE\s5\./Hmi"; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:8;)

Added 2013-12-04 20:35:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3a[^\r\n]+?\sMSIE\s5\./Hmi"; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:5;)

Added 2013-06-26 22:31:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3a[^\r\n]+?\sMSIE\s5\./Hmi"; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; content:!".yahoo.com|0d 0a|"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:5;)

Added 2013-06-26 22:07:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3a[^\r\n]+?\sMSIE\s5\./Hmi"; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; threshold: type limit,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:4;)

Added 2013-05-23 19:39:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE 5."; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3a[^\r\n]+?\sMSIE\s5\./Hmi"; content:!".microsoft.com|0d 0a|"; http_header; content:!".trendmicro.com|0d 0a|"; http_header; content:!".sony.net|0d 0a|"; http_header; content:!".weather.com|0d 0a|"; http_header; threshold: type threshold,track by_src,count 2,seconds 60; classtype:policy-violation; sid:2016870; rev:3;)

Added 2013-05-21 18:25:12 UTC


Topic revision: r1 - 2019-06-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats