[Emerging-Sigs] IP check sig

Jack Mott jmott at emergingthreats.net
Wed Apr 15 14:18:42 HDT 2020


Cool, thanks Fran. We will get this added for tomorrow's release!

Best,

Jack

On Wed, Apr 15, 2020 at 4:59 PM Francis Trudeau <trudeauf at gmail.com> wrote:

> Ran into this in my travels:
>
> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY IP Check
> (ip. jsontest .com)"; flow:to_server,established; urilen:1; content:"
> ip.jsontest.com"; http_host; depth:15; isdataat:!1,relative;
> fast_pattern; classtype:policy-violation; sid:30303; rev:1;)
>
> Please don't holler at me.
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200415/58209b3a/attachment-0001.html>


More information about the Emerging-sigs mailing list