ET INFO Possible Sandvine PacketLogic Injection
Sourceet/open
Fileemerging-info.rules
CreatedMarch 13, 2018
UpdatedMay 21, 2024
Classificationmisc-activity
alert http1 any any -> any any (msg:"ET INFO Possible Sandvine PacketLogic Injection"; flow:established,to_client ; id:13330; flags:AF; content:"HTTP/1.1 307 Temporary Redirect|0a|Location|3a 20|"; depth:42; fast_pattern; content:"Connection: close|0a 0a|" ; endswith; reference:url,citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/ ; classtype:misc-activity; sid:2025428; rev:6; metadata:attack_target Client_and_Server, created_at 2018_03_13, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_21;)
References
Metadata
attack targetClient_and_Server
created at2018_03_13
deploymentDatacenter
performance impactLow
confidenceMedium
signature severityMinor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_05_21
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!