# Skype-over-TLS detection as a three-stage flowbits chain on server->client
# traffic from port 443. Each stage keys on a CA / subject name string at a
# fixed byte position in the packet — presumably the server Certificate
# handshake message; the offsets are not derived here, confirm against a capture.
# Stage 1: "MSIT Machine Auth CA 2" at byte 245 (depth 22 = pattern length, so
# an exact position) and "*.config.skype.com" at byte 312 (depth 18, exact).
# Sets mark1054058 on the flow and suppresses its own alert (flowbits:noalert).
alert tcp any 443 -> any any (sid:1054058; content:"MSIT Machine Auth CA 2"; offset:245; depth:22; content:"*.config.skype.com"; offset:312; depth:18; flowbits:set, mark1054058; flowbits:noalert;)
# Stage 2: only evaluated to a hit when mark1054058 is already set; consumes it
# (unset) and raises mark1054063, again without alerting. Both contents are
# searched in wide windows (offset 130 / depth 232 and offset 299 / depth 226)
# rather than at exact positions.
alert tcp any 443 -> any any (sid:1054063; content:"Microsoft Internet Authority"; offset:130; depth:232; content:"MSIT Machine Auth CA 2"; offset:299; depth:226; flowbits:isset, mark1054058; flowbits:unset, mark1054058; flowbits:set, mark1054063; flowbits:noalert;)
# Stage 3: the only stage that alerts, once mark1054063 is set. It never unsets
# mark1054063, and none of the three rules carry msg: or flow:, so the alert
# shows only the sid and the chain is not restricted to an established session.
alert tcp any 443 -> any any (sid:1054060; content:"Baltimore CyberTrust Root"; offset:269; depth:229; content:"Microsoft Internet Authority"; offset:339; depth:232; flowbits:isset, mark1054063;)

# Plain Skype API host-name match on any TCP packet, either direction: the
# string "api.skype.com" is searched in the 234-byte window starting at byte
# 111 of the payload. No msg: is given, so the alert carries only the sid.
alert tcp any any -> any any (content:"api.skype.com"; offset:111; depth:234; sid:1004003;)

by TrafficYoon 2015.04.30 09:53

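# POP3 (TCP/110) monitoring for the mail host 163.152.6.98. Rules 1000000-1000004
# inspect client->server commands anchored at the start of the payload
# (offset:0 with depth equal to the pattern length, so the command must be the
# very first bytes of the packet); 1000005 and 1000008 inspect server->client
# replies. None of the rules carry msg:, so alerts show only the sid.
alert tcp any any -> 163.152.6.98 110 (sid:1000000; content:"PASS "; offset:0; depth:5; )
alert tcp any any -> 163.152.6.98 110 (sid:1000001; content:"USER "; offset:0; depth:5; )
alert tcp any any -> 163.152.6.98 110 (sid:1000002; content:"CAPA|0d||0a|"; offset:0; depth:6; )
alert tcp any any -> 163.152.6.98 110 (sid:1000003; content:"STAT|0d||0a|"; offset:0; depth:6; )
# NOTE(review): the pattern is "AUTH" + space + CRLF; a bare AUTH with no
# mechanism is normally sent without the trailing space -- confirm against a
# capture before relying on this rule.
alert tcp any any -> 163.152.6.98 110 (sid:1000004; content:"AUTH |0d||0a|"; offset:0; depth:7; )
alert tcp 163.152.6.98 110 -> any any (sid:1000005; content:"-ERR Invalid command|0d||0a|"; offset:0; depth:22; )
# Server reply of the form "+OK Maildrop has <n> messages (<size> bytes)".
# The second and third contents are matched relative to the previous match
# (distance:0) instead of at absolute offsets: the former offset:18/depth:12
# window only fit a 1-2 digit message count, so a maildrop with 100 or more
# messages never matched. within:16 allows up to 5 count digits and within:21
# up to 12 size digits; the leading content is unchanged.
alert tcp 163.152.6.98 110 -> any any (sid:1000008; content:"+OK Maildrop has "; offset:0; depth:17; content:" messages ("; distance:0; within:16; content:" bytes)|0d||0a|"; distance:0; within:21; )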

by TrafficYoon 2015.04.30 09:51

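# BitTorrent detection. None of the rules carry msg:, so alerts show only the sid.
# Peer handshake: a 0x13 length byte (19 = length of "BitTorrent protocol")
# followed by that string, anywhere in the first 40 bytes of the payload,
# on TCP and on UDP.
alert tcp any any -> any any (sid:1000811; content:"|13|BitTorrent protocol"; offset:0; depth:40;)

alert udp any any -> any any (sid:1000812; content:"|13|BitTorrent protocol"; offset:0; depth:40;)

# Bencoded DHT (KRPC) messages: a query whose arguments dict starts with the
# 20-byte node id ("a" key) and the corresponding response ("r" key). 1027246
# requires the prefix at byte 0 exactly (depth 12 = pattern length); 1027247
# allows it anywhere in the first 24 bytes -- the asymmetry is inherited from
# the original rules, confirm which is intended.
alert udp any any -> any any (sid:1027246; content:"d1:ad2:id20:"; offset:0; depth:12;)

alert udp any any -> any any (sid:1027247; content:"d1:rd2:id20:"; offset:0; depth:24;)

# DHT find_node query at an exact payload position (offset 63, depth 21 =
# pattern length) from source port 39235. NOTE(review): the fixed source port
# and position look capture-specific rather than protocol-defined -- confirm.
alert udp any 39235 -> any any (sid:1027538; content:"e1:q9:find_node1:t4:|f1|"; offset:63; depth:21;)

# HTTP tracker request. "e?info_hash=%" is searched in bytes 10-24, which
# covers both "GET /announce?info_hash=%" ('e' at byte 12) and
# "GET /scrape?info_hash=%" ('e' at byte 10).
alert tcp any any -> any any (sid:1015014; content:"GET /"; offset:0; depth:5; content:"e?info_hash=%"; offset:10; depth:15; )

# Local Service Discovery multicast (239.192.152.143:6771). The fixed request
# line, Host header and "Port: " prefix occupy exactly the first 56 bytes.
# The "Infohash:" header is now matched relative to that prefix (distance:0,
# within:17) so that a 1-5 digit port value is accepted; the former
# offset:61/depth:12 window only matched a 5-digit port. The trailing triple
# CRLF is still required exactly 40 bytes (one hex infohash) after the
# "Infohash: " header, as in the original rule. NOTE(review): this assumes
# Infohash is the last header before the blank lines -- confirm against a capture.
alert udp any 6771 -> 239.192.152.143 6771 (sid:1017017; content:"BT-SEARCH * HTTP/1.1|0d||0a|Host: 239.192.152.143:6771|0d||0a|Port: "; offset:0; depth:56; content:"|0d||0a|Infohash: "; distance:0; within:17; content:"|0d||0a||0d||0a||0d||0a|"; distance:40; within:6; )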

 

by TrafficYoon 2015.04.30 09:50