[Emerging-Sigs] 2025103/ET INFO HTTP POST Request to Suspicious *.cf Domain
jwilliams at emergingthreats.net
Thu Dec 7 08:00:27 HST 2017
Ah, yep, will get that fixed up right away.
On Thu, Dec 7, 2017 at 11:57 AM, Packet Hack <pckthck at gmail.com> wrote:
> Sig is falsing pretty bad on .cfm pages in the Referer.
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO
> HTTP POST Request to Suspicious *.cf Domain";
> flow:established,to_server; content:"POST"; http_method;
> content:".cf"; fast_pattern; http_header; classtype:bad-unknown;
> sid:2025103; rev:2; metadata:created_at 2017_12_03, updated_at
> Qualify this for the Host: header?
> -- pckthck
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs