[Emerging-Sigs] chrome rdp

Rich Rumble richrumble at gmail.com
Mon Oct 24 19:02:16 EDT 2011


These have been working well for us over the past week.

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY OutGoing Chromoting Detected"; flow:to_server; content:"|58 2d 53 65 73 73 69 6f 6e 2d 54 79 70 65 3a 20 67 6f 6f 67 6c 65 3a 72 65 6d 6f 74 69 6e 67|"; reference:url,xinn.org/Chromoting.html; sid:999999999;)
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Incoming Chromoting Detected"; flow:from_server; content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:170; content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:39; reference:url,xinn.org/Chromoting.html; sid:999999999;)

-rich
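
Added example, not part of the original post: a small Python check that decodes the hex content options of the two rules above and evaluates them against constructed payloads. It models only content and distance, and assumes distance means "start at least N bytes after the end of the previous match" (payload start for the first content); the function names and sample payloads are made up for illustration.

```python
import re

# Content options copied from the two rules in the post (other options omitted).
TCP_OPTS = ('content:"|58 2d 53 65 73 73 69 6f 6e 2d 54 79 70 65 3a 20 '
            '67 6f 6f 67 6c 65 3a 72 65 6d 6f 74 69 6e 67|";')
UDP_OPTS = ('content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:170; '
            'content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:39;')

def decode_content(spec):
    """Decode Snort content syntax: literal text mixed with |hex bytes| runs."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        # Odd-numbered segments lie between pipes and hold hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def parse_options(opts):
    """Return [(pattern, distance), ...] in rule order."""
    checks = []
    for key, val in re.findall(r'(content|distance):"?([^";]+)"?;', opts):
        if key == "content":
            checks.append([decode_content(val), 0])
        elif checks:
            checks[-1][1] = int(val)  # distance modifies the preceding content
    return [tuple(c) for c in checks]

def matches(opts, payload):
    """Assumed model: each content must start at least `distance` bytes after
    the end of the previous match (payload start for the first content)."""
    cursor = 0
    for pattern, distance in parse_options(opts):
        pos = payload.find(pattern, cursor + distance)
        if pos < 0:
            return False
        cursor = pos + len(pattern)
    return True

# Constructed payloads, not captured traffic.
TCP_HIT = b"\x00" * 8 + b"X-Session-Type: google:remoting\r\n"
UDP_HIT = b"\x00" * 170 + b"chromoting" + b"\x00" * 39 + b"chromoting"
UDP_TOO_EARLY = b"\x00" * 100 + b"chromoting" + b"\x00" * 39 + b"chromoting"
UDP_TOO_CLOSE = b"\x00" * 170 + b"chromoting" + b"\x00" * 10 + b"chromoting"

if __name__ == "__main__":
    print([p for p, _ in parse_options(TCP_OPTS)])
    print(parse_options(UDP_OPTS))
    for name in ("UDP_HIT", "UDP_TOO_EARLY", "UDP_TOO_CLOSE"):
        print(name, matches(UDP_OPTS, globals()[name]))
```

The decoded patterns are the ASCII strings "X-Session-Type: google:remoting" and "chromoting", which is what to grep for when validating these rules against a packet capture.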

