[Emerging-Sigs] IP check sig
jmott at emergingthreats.net
Wed Apr 15 14:18:42 HDT 2020
Cool, thanks Fran. We will get this added for tomorrow's release!
On Wed, Apr 15, 2020 at 4:59 PM Francis Trudeau <trudeauf at gmail.com> wrote:
> Ran into this in my travels:
> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY IP Check
> (ip. jsontest .com)"; flow:to_server,established; urilen:1; content:"
> ip.jsontest.com"; http_host; depth:15; isdataat:!1,relative;
> fast_pattern; classtype:policy-violation; sid:30303; rev:1;)
> Please don't holler at me.
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs