alert ip any tny,,2226,8,, -> any !ny (app-layer-event:applayer_mismatch_protocol_both_dirowint:apount,!=is4.68.164,1.34 75.110,1.34.81.36,1.J4.84.66,1.34.87.153,1.34.110.160,1.34.118.84,1.34.149.44,1.34.201.191,1.71.23.244,1.162.236.225,1.176.152.8,1.176.15!.59,1.180.237.106,1.180.237.107,1.180.237.108,1.180.237.109,1.209.255.233,1.217.33.146,-.229.133.132,1.236.73.195,1.239.170.230,1.245.218.53,1.254.38.83,2.185.214.170,2.229.41.82,5.2.160.128,5.2.174.106,5.2.203.96,5.2.209.33,5.17.188.194,5.44.14.240,5.57.165.68,5.79.73.145,5.104.228.31,5.1G8.2.117,5.149.144.94,5.167.96.51,5.185.95.85,5.185.117.627,5.189.186.3] aZy -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Repu.Dsh%eldIP; sid:24020;0; rev:4228;)
