[Snort-sigs] Fw: Snort Rules
wkitty42 at ...3507...
Thu Feb 14 19:24:55 EST 2013
On 2/14/2013 17:28, alex dina wrote:
> Also, can you please explain what these rules are looking for in a data packet?
> Thank you!
> alert tcp any any -> any any (msg:"Taidoor trojan - notify Threat Cell";
> content:"GET /"; content:".asp?est="; content:"&hn="; content:"&ha=";
> sid:4200455; rev:1;)
what is there to explain? it is very simple... it is looking for content blocks
of the following...
all must appear in the same packet...