NYGiantsFan
asked on
question regarding snort rule
Hi,
I am somewhat new to reading Snort rule sets. Can someone translate this for me? Thanks.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup?)"; flow:established,to_server; content:"User-Agent|3a| SogouIME?"; http_header; reference:url,doc.emergingthreats.net/2008500; classtype:trojan-activity; sid:2008500; rev:6;)