Bug #215: Fail to alert on sid 2009301 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #215

closed

Fail to alert on sid 2009301

Added by Josh Smith over 14 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

1.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Suricata fails to alert on sid 2009301.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Megaupload file download service access"; flow:to_server,established; content:"GET "; depth: 4; uricontent:"/?d="; content:"|0d 0a|Host\: "; content:"megaupload.com"; within:25; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009301; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Download_Services; sid:2009301; rev:2;)

Files

2009301.pcap (652 Bytes) 2009301.pcap

Josh Smith, 07/16/2010 02:39 PM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #215

Fail to alert on sid 2009301

Updated by Will Metcalf over 14 years ago

Updated by Will Metcalf over 14 years ago

Updated by Victor Julien over 14 years ago