[Emerging-Sigs] chrome rdp

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Oct 25 16:17:59 EDT 2011


Thanks Rich, getting them posted!

Matt
On Oct 24, 2011, at 7:02 PM, Rich Rumble wrote:

> These are working well for us over the past week.
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY OutGoing Chromoting Detected"; flow:to_server; content:"|58 2d 53 65 73 73 69 6f 6e 2d 54 79 70 65 3a 20 67 6f 6f 67 6c 65 3a 72 65 6d 6f 74 69 6e 67|"; reference:url,xinn.org/Chromoting.html; sid:999999999;)
> alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Incoming Chromoting Detected"; flow:from_server; content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:170; content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:39; reference:url,xinn.org/Chromoting.html; sid:999999999;)
> 
> -rich


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
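Added example, not part of the original thread: a small Python helper that decodes the `|hex|` content fields of the two rules quoted above and evaluates their `content`/`distance` logic against test payloads. It is a simplified evaluator (only `content` and `distance` are handled; the rule header and `flow` are ignored), and the payloads are constructed bytes, not captures of real Chromoting traffic.

```python
import re

# Option strings copied from the two rules in the quoted post.
TCP_OPTS = ('flow:to_server; content:"|58 2d 53 65 73 73 69 6f 6e 2d 54 79 70 65 3a 20 '
            '67 6f 6f 67 6c 65 3a 72 65 6d 6f 74 69 6e 67|";')
UDP_OPTS = ('flow:from_server; content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:170; '
            'content:"|63 68 72 6F 6D 6F 74 69 6E 67|"; distance:39;')


def decode_content(value):
    """Turn a Snort content string (literal text mixed with |hex| runs) into bytes."""
    out = b""
    for i, part in enumerate(value.split("|")):
        # Odd-numbered pieces sit between pipes and are space-separated hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return out


def parse_contents(opts):
    """Return [(pattern_bytes, distance), ...] in rule order; distance defaults to 0."""
    result = []
    for key, val in re.findall(r'(\w+):\s*("[^"]*"|[^;]*);', opts):
        if key == "content":
            result.append([decode_content(val.strip('"')), 0])
        elif key == "distance" and result:
            result[-1][1] = int(val)  # modifier applies to the preceding content
    return [tuple(r) for r in result]


def matches(opts, payload):
    """Each pattern must start at least `distance` bytes after the end of the
    previous match (or after the start of the payload for the first pattern)."""
    cursor = 0
    for pattern, distance in parse_contents(opts):
        pos = payload.find(pattern, cursor + distance)
        if pos < 0:
            return False
        cursor = pos + len(pattern)
    return True


if __name__ == "__main__":
    for name, opts in (("tcp", TCP_OPTS), ("udp", UDP_OPTS)):
        print(name, parse_contents(opts))
    # Constructed payload: filler bytes placed so both distance constraints hold.
    sample = b"A" * 170 + b"chromoting" + b"B" * 39 + b"chromoting"
    print("udp sample matches:", matches(UDP_OPTS, sample))
```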


