Attic/
[show contents]
|
|
|
|
|
POLICY_AOL_Toolbar
|
1.1 |
15 months |
jonkman |
: Thanks qru
|
|
POLICY_AOL_Webmail
|
1.6 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Administrator_Login
|
1.4 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Basic_HTTP_Auth
|
1.10 |
9 months |
jonkman |
2006380 2006402: added a leading 0d 0a to eliminate proxy-auth falses
|
|
POLICY_Binary_Downloads
|
1.14 |
7 months |
jonkman |
2000419 2000427: Updating for small doanload rule
|
|
POLICY_Bogon_Nets
|
1.11 |
10 months |
jonkman |
2002749 2002750: updated from bogon
|
|
POLICY_Boitho.com
|
1.1 |
13 months |
jonkman |
2003652 2003654: New stuff
|
|
POLICY_CCProxy
|
1.1 |
10 months |
jonkman |
: newness
|
|
POLICY_Centralops.net
|
1.2 |
14 months |
jonkman |
2003624 2003631: typo fixes
|
|
POLICY_Cisco_Config_Change
|
1.4 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Classified_Information
|
1.10 |
11 months |
jonkman |
2002474 2002558 2002639: PCRE typo fixes, thanks Juergen
|
|
POLICY_Credit_Card_Numbers
|
1.11 |
2 years |
fknobbe |
SIDs 2001375 2001376 2001377 2001378 2001379 2001380 2001381 2001382 2001383: Re... |
|
POLICY_DNS_Responses
|
1.7 |
18 months |
jonkman |
Added !SMTP_SERVERS, thanks Michael
|
|
POLICY_DNS_Tunnel_nstx
|
1.1 |
2 years |
jonkman |
New from Myron Davis
|
|
POLICY_Dameware
|
1.4 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_EXE
|
1.1 |
17 months |
bhartstein |
sid:2003325, added Policy Rule to detect generic executable attachments
|
|
POLICY_EXE_HTTP
|
1.7 |
11 months |
jonkman |
2006434: Removed leading / per Reg's advice, makes this more versatile
|
|
POLICY_EXE_NoUserAgent
|
1.3 |
14 months |
jonkman |
2003179 2003595: Killing some falses
|
|
POLICY_Ebay
|
1.6 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_FTP_Login
|
1.7 |
16 months |
bhartstein |
sid:2003410 set unique flowbit for singleton alert per login
|
|
POLICY_Fox_ABC_On_Demand
|
1.1 |
8 months |
jonkman |
: New from will metcalf
|
|
POLICY_Gazzag.com
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_Google
|
1.3 |
10 months |
jonkman |
*** empty log message ***
|
|
POLICY_GotoMyPC
|
1.10 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Groove.net
|
1.3 |
14 months |
jonkman |
2003602: typo fix
|
|
POLICY_Gtalk
|
1.1 |
21 months |
fknobbe |
SID 2003092: New sig from Robert Sharp. Not tested thus disabled by default.
|
|
POLICY_HOTMAIL_Mail_Use
|
1.9 |
2 years |
fknobbe |
SIDs 2000035 2000036 2000037: Escaped ? in pcre's.
|
|
POLICY_HP_Web_Jetadmin_Executefile_Access
|
1.6 |
2 years |
fknobbe |
SIDs 2001055: Removed space behind reference to avoid duplicate reference_system... |
|
POLICY_HTTP_Tunneling_via_Proxy
|
1.6 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_HTTP_on_Off_Ports
|
1.1 |
11 months |
jonkman |
: In for testing
|
|
POLICY_Hamachi_VPN
|
1.1 |
2 years |
jonkman |
New from dajackman
|
|
POLICY_Hi5.com
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_Hyves
|
1.2 |
8 months |
jonkman |
2007627 2007628 2007629 2007630 2007631: my typo fixes
|
|
POLICY_IM_ICQ
|
1.12 |
2 years |
jonkman |
2002986: More spyware
|
|
POLICY_IM_Jabber
|
1.8 |
2 years |
bhartstein |
sid 2002335 had \ /, converted to hex
|
|
POLICY_IM_MSN
|
1.11 |
2 years |
bhartstein |
sid: 2002192, changed hex to ascii
|
|
POLICY_IM_Yahoo
|
1.8 |
10 months |
jonkman |
2007066 2007067 2007068 2007069: New from Chris Newton
|
|
POLICY_IRC
|
1.5 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_IRS_Related
|
1.2 |
22 months |
jonkman |
2002658: pcre was hosed
|
|
POLICY_ImageSpam
|
1.3 |
20 months |
jonkman |
2003118 2003120: Sid conflict fix
|
|
POLICY_Infotriever
|
1.5 |
15 months |
jonkman |
2002082 2002082: trying this out to eliminate falses, and better document
|
|
POLICY_Itunes
|
1.2 |
2 years |
fknobbe |
SID 2002878: Fixed typo in reference.
|
|
POLICY_Kitco_Ticker
|
1.6 |
2 years |
jonkman |
MSG changes to eliminate dupes only
|
|
POLICY_MP3_Files
|
1.1 |
2 years |
bhartstein |
added policy rules for mp3 file transfers
|
|
POLICY_MS_Teredo_Tunnel
|
1.1 |
14 months |
jonkman |
: Moved from CURRENT EVENTS
|
|
POLICY_Majestic-12
|
1.2 |
16 months |
jonkman |
2003409: Thanks Stephen
|
|
POLICY_McAffee
|
1.2 |
16 months |
jonkman |
2003381: msg update
|
|
POLICY_Metacafe
|
1.1 |
12 months |
jonkman |
: New from will metcalf
|
|
POLICY_Metacafe.com
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_Mozilla_XPI_Install
|
1.6 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Myspace
|
1.2 |
18 months |
fknobbe |
SIDs 2002872: Added missing flow statement.
|
|
POLICY_Nagios
|
1.1 |
10 months |
jonkman |
: might be interesting
|
|
POLICY_Netflix
|
1.1 |
8 months |
jonkman |
: New from will metcalf
|
|
POLICY_Netop_Remote_Control
|
1.6 |
2 years |
fknobbe |
SIDs 2001597: Removed space behind reference to avoid duplicate reference_system... |
|
POLICY_Netvacy.com
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_Non-Standard_SSH_Port
|
1.19 |
2 years |
bhartstein |
sid:2001984, old one ok
|
|
POLICY_Orkut.com
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_PCMesh
|
1.3 |
23 months |
jonkman |
2003040 2003069: PCMesh Sigs work now! THanks Scott
|
|
POLICY_PHP_Proxy
|
1.3 |
11 months |
jonkman |
2006410: updated reference
|
|
POLICY_Pingdom_Monitoring
|
1.3 |
18 months |
jonkman |
typo fixes
|
|
POLICY_Possible_Infection_Emails
|
1.5 |
7 months |
jonkman |
2007611 2007612: distance update
|
|
POLICY_Prospero_Chat
|
1.7 |
2 years |
fknobbe |
SIDs 2001989: Removed space behind reference to avoid duplicate reference_system... |
|
POLICY_Proxy_Judge
|
1.1 |
23 months |
jonkman |
: New from Scott Melnick
|
|
POLICY_RAR_Files
|
1.4 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_RDP_Connections
|
1.9 |
10 months |
jonkman |
2007571: typo fix
|
|
POLICY_Radmin
|
1.2 |
15 months |
jonkman |
2003479 2003480 2003481 2003482: typo fix
|
|
POLICY_Real.com_Game_Installs
|
1.2 |
23 months |
fknobbe |
SID 2003045: Removed http.Useragent flowbit and reverted to content check. Snort... |
|
POLICY_SC-KeyLog
|
1.2 |
2 years |
jonkman |
Typo
|
|
POLICY_SSH
|
1.6 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_SSL_TLS_on_High_Port
|
1.14 |
12 months |
jonkman |
2004598: Excluding aol traffic
|
|
POLICY_SSN_in_the_Clear
|
1.10 |
2 years |
bhartstein |
sid 2001328,2001384 pcre fix, thanks William O'Malley
|
|
POLICY_Skype
|
1.13 |
23 months |
fknobbe |
SID 2003022: Added HOME_NET and EXTERNAL_NET, and changed source ports to 1024:6... |
|
POLICY_Small_Binary_Downloads
|
1.6 |
7 months |
jonkman |
2007671: not going down to 100k or less
|
|
POLICY_Tor
|
1.17 |
8 months |
jonkman |
2001728: removed a duplicate
|
|
POLICY_Unauthorized_Proxying
|
1.5 |
3 years |
fknobbe |
Implemented Joel Ebrahimi's rule optimizations (re-ordering of options for perfo... |
|
POLICY_Unauthorized_SMTP
|
1.14 |
13 months |
jonkman |
2003864: New, seeing bots use 587 to send mail
|
|
POLICY_WebEx_Traffic
|
1.5 |
2 years |
fknobbe |
SIDs 2001712 2001713 2001714: Removed space behind reference to avoid duplicate ... |
|
POLICY_WebShots
|
1.4 |
23 months |
fknobbe |
SID 2002407: Removed http.Useragent flowbit and reverted to content check. Snort... |
|
POLICY_Web_Crawling
|
1.12 |
2 years |
jonkman |
Name updates
|
|
POLICY_Webmail
|
1.6 |
2 years |
jonkman |
Wasn't interesting, removed SurfMK sig
|
|
POLICY_Winamp
|
1.1 |
20 months |
jonkman |
: New by Andrew Wood
|
|
POLICY_Windows_98
|
1.3 |
7 months |
jonkman |
2007695: reference typo fix, thanks markus
|
|
POLICY_Windows_Updates
|
1.8 |
18 months |
fknobbe |
SIDs: 2002948 2002949 2002969 2003179 2003196 2003197: Added missing classtype.
|
|
POLICY_Winpcap_Install
|
1.1 |
2 years |
jonkman |
Found that installing winpcap results in a specific http get to winpcap.org to p... |
|
POLICY_Xbox
|
1.4 |
2 years |
jonkman |
Fixed a bad escape error
|
|
POLICY_Yahoo360
|
1.1 |
16 months |
jonkman |
: Not bad sites, just not always appropriate. Use these sigs where needed only
|
|
POLICY_Zip_Contents
|
1.9 |
3 years |
jonkman |
Putting all flowbits write operations after content
|
|
POLICY_bodog.com
|
1.3 |
21 months |
mwarren |
SID:2003100; Added domain to sig
|
|
POLICY_iMesh
|
1.1 |
21 months |
fknobbe |
SID 2003093: New sig for iMesh from Russ.
|
|
POLICY_TROJAN_DNS_Lookups
|
This entry is unreadable
|
