[Emerging-Sigs] Updated Flash Rules

Robert Grabowsky rgrabowsky at rasecurity.com
Wed Dec 12 03:07:01 HAST 2012


Updated rules Flash Version IE and Mac:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY 
Outdated Windows Flash Version IE"; flow:established,to_server; 
content:"x-flash-version|3a 20|"; http_header; 
content:!"x-flash-version|3a 20|11,5,502,135|0d 0a|"; http_header; 
content:"MSIE"; http_header; pcre:"/^User-Agent\x3a[^\r\n]+?MSIE/Hm"; 
threshold: type limit, count 1, seconds 60, track by_src; 
reference:url,www.adobe.com/software/flash/about/; 
classtype:policy-violation; sid:2014726; rev:15;)


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY 
Outdated Mac Flash Version"; flow:established,to_server; 
content:"x-flash-version|3a| "; http_header; 
content:!"x-flash-version|3a 20|11,5,502,136|0d 0a|"; http_header; 
content:"Macintosh"; http_header; 
pcre:"/^User-Agent\x3a.+?Macintosh/Hm"; threshold: type limit, count 1, 
seconds 60, track by_src; classtype:policy-violation; sid:2014727; rev:10;)





More information about the Emerging-sigs mailing list