[Oisf-users] Should this be firing?
Paul Halliday
paul.halliday at gmail.com
Wed Jul 13 15:37:53 UTC 2011
SID 2002027: ET CHAT IRC PING
alert tcp any any -> any any (msg:"ET CHAT IRC PING command";
flowbits:isnotset,is_proto_irc; flow: from_server,established;
content:"PING|20|"; nocase; offset: 0; flowbits: set,irc.ping;
flowbits:noalert;
On:
ping basket">...........</a>.....................................</td>........<td>....
......................
... ......................................
Or:
ping in an Underwater Bedroom Would Be Amazing</a></h1>.......<div
class="post-body">........<p>.........The Conrad Mald
ives Rangali Island Hotel in the Indian Ocean has a stunning undersea
restaurant. To celebrate its 5th anniversary, the
hotel turned the restaurant into a private bedroom for two with a
fancy champagne dinner and breakfast in bed..........<
a href="http://gizmodo.com/5820721/sleeping-in-an-underwater-bedroom-would-be-amazing"
I have a few rules today that seem to be acting a little strange. A
setting maybe?
[100153] 13/7/2011 -- 12:37:35 - (suricata.c:431) <Info> (main) --
This is Suricata version 1.0.4
Thanks.
--
Paul Halliday
http://www.squertproject.org/
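
The content options of the rule quoted above, modelled per packet payload as an added example (not part of the original post and not Suricata's own code). It covers only `content`, `nocase`, `offset` and `depth`; the `flow` and `flowbits` conditions are not modelled, the payloads are constructed stand-ins for the ones in the post, and the `depth:5` variant is a hypothetical comparison, not a rule from the page.

```python
# Simplified model of content matching against a single packet payload.
# Assumption: Suricata semantics where 'offset' is the start of the search
# and 'depth' limits how many bytes from that start are inspected.

def content_match(payload, pattern, nocase=False, offset=0, depth=None):
    """Return the index of the first match in payload, or -1."""
    end = len(payload) if depth is None else min(len(payload), offset + depth)
    window = payload[offset:end]
    if nocase:
        window, pattern = window.lower(), pattern.lower()
    pos = window.find(pattern)
    return -1 if pos < 0 else offset + pos

PATTERN = b"PING "  # content:"PING|20|" (|20| is a space)

# Constructed payloads, modelled on the ones quoted in the post.
SAMPLES = {
    "html_mid_payload": b'<h1><a href="#">Sleeping in an Underwater Bedroom</a></h1>',
    "html_segment_start": b'ping basket">item</a></td>',
    "irc_server_ping": b"PING :irc.example.net\r\n",
}

def evaluate(depth=None):
    """Match every sample with nocase and offset:0, optionally with a depth."""
    return {
        name: content_match(data, PATTERN, nocase=True, offset=0, depth=depth)
        for name, data in SAMPLES.items()
    }

if __name__ == "__main__":
    as_written = evaluate()          # offset:0, no depth: whole payload searched
    anchored = evaluate(depth=5)     # hypothetical variant: first 5 bytes only
    for name in SAMPLES:
        print(f"{name:20} as written: {as_written[name]:3}   depth:5: {anchored[name]:3}")
```

With `offset:0` and no `depth`, the pattern is found inside "Sleeping " in the HTML payload; limiting the depth removes that match but not the one where a segment happens to begin with "ping ".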