Project

General

Profile

Actions

Bug #213

closed

Fail to alert on sid 2000571

Added by Josh Smith over 14 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Suricata fails to alert on sid 2000571. Snort alerts on it.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY AOL Webmail Message Send"; flow: to_server,established; uricontent:"/compose_frame.adp"; content:"POST"; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2000571; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_AOL_Webmail; sid:2000571; rev:6;)


Files

2000571.pcap (642 Bytes) 2000571.pcap Josh Smith, 07/16/2010 02:29 PM
Actions

Also available in: Atom PDF