Nu mai am alte idei... sorry.
I am testing this one on Suricata 4.0.0 under diff firewall fork and I get hit on this rules.
I am testing this one on Suricata 4.0.0 under diff firewall fork and I get hit on this rules.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Show posts Menu# Emerging Threats
#
# This distribution may contain rules under two different licenses.
#
# Rules with sids 1 through 3464, and 100000000 through 100000908 are under the GPLv2.
# A copy of that license is available at http://www.gnu.org/licenses/gpl-2.0.html
#
# Rules with sids 2000000 through 2799999 are from Emerging Threats and are covered under the BSD License
# as follows:
#
#*************************************************************
# Copyright (c) 2003-2017, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#*************************************************************
#
#
#
#
# This Ruleset is EmergingThreats Open optimized for suricata-2.0-enhanced.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INAPPROPRIATE Google Image Search, Safe Mode Off"; flow:established,to_server; uricontent:"&safe=off"; content:"|0d 0a|Host|3a| images.google.com|0d 0a|"; reference:url,doc.emergingthreats.net/bin/view/Main/2002925; classtype:policy-violation; sid:2002925; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn preteen"; flow: from_server,established; content:"preteen"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001346; classtype:policy-violation; sid:2001346; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn pre-teen"; flow: from_server,established; content:"pre-teen"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001347; classtype:policy-violation; sid:2001347; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn early teen"; flow: from_server,established; content:"early teen"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001348; classtype:policy-violation; sid:2001348; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn pthc"; flow: from_server,established; content:" pthc "; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001386; classtype:policy-violation; sid:2001386; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn zeps"; flow: from_server,established; content:" zeps "; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001387; classtype:policy-violation; sid:2001387; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn r@ygold"; flow: from_server,established; content:" r@ygold "; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001388; classtype:policy-violation; sid:2001388; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Kiddy Porn childlover"; flow: from_server,established; content:" childlover "; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001389; classtype:policy-violation; sid:2001389; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE free XXX"; flow: to_client,established; content:"FREE XXX"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001349; classtype:policy-violation; sid:2001349; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE hardcore anal"; flow: to_client,established; content:"hardcore anal"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001350; classtype:policy-violation; sid:2001350; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE masturbation"; flow: to_client,established; content:"masturbat"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001351; classtype:policy-violation; sid:2001351; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE ejaculation"; flow: to_client,established; content:"ejaculat"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001352; classtype:policy-violation; sid:2001352; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE BDSM"; flow: to_client,established; content:"BDSM"; nocase; threshold: type threshold, track by_dst,count 5, seconds 360; reference:url,doc.emergingthreats.net/bin/view/Main/2001353; classtype:policy-violation; sid:2001353; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Sextracker Tracking Code Detected (1)"; flow: from_server,established; content:"BEGIN SEXLIST REFERRER-STATS CODE"; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001392; classtype:policy-violation; sid:2001392; rev:11; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Sextracker Tracking Code Detected (2)"; flow: from_server,established; content:"BEGIN SEXTRACKER CODE"; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2001393; classtype:policy-violation; sid:2001393; rev:11; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INAPPROPRIATE Likely Porn"; flow: established,from_server; pcre:"/ (FREE XXX|dildo|masturbat|oral sex|ejaculat|up skirt|tits|bondage|lolita|clitoris|cock suck|hardcore (teen|anal|sex|porn)|raw sex|((fuck|sex|porn|xxx) (movies|dvd))|((naked|nude) (celeb|lesbian)))\b/i"; reference:url,doc.emergingthreats.net/bin/view/Main/2001608; classtype:policy-violation; sid:2001608; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE alt.binaries.pictures.tinygirls"; flow:to_client,established; content:"alt.binaries.pictures.tinygirls"; nocase; classtype:policy-violation; sid:2101837; rev:6; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE anal sex"; flow:to_client,established; content:"anal sex"; nocase; classtype:policy-violation; sid:2101317; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE fuck fuck fuck"; flow:to_client,established; content:"fuck fuck fuck"; nocase; classtype:policy-violation; sid:2101316; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE fuck movies"; flow:to_client,established; content:"fuck movies"; nocase; classtype:policy-violation; sid:2101320; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE hardcore anal"; flow:to_client,established; content:"hardcore anal"; nocase; classtype:policy-violation; sid:2101311; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE hardcore rape"; flow:to_client,established; content:"hardcore rape"; nocase; classtype:policy-violation; sid:2101318; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE hot young sex"; flow:to_client,established; content:"hot young sex"; nocase; classtype:policy-violation; sid:2101315; rev:9; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE naked lesbians"; flow:to_client,established; content:"naked lesbians"; nocase; classtype:policy-violation; sid:2101833; rev:6; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL INAPPROPRIATE up skirt"; flow:to_client,established; content:"up skirt"; nocase; classtype:policy-violation; sid:2101313; rev:11; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
drop udp $HOME_NET any -> $EXTERNAL_NET !53 (msg:"Admin-Rule !53 dns Query *.* domain"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|01|."; fast_pattern; distance:0; classtype:bad-unknown; sid:9900202; rev:2;)
drop dns $HOME_NET any -> $EXTERNAL_NET !53 (msg:"Admin-Rule2 !53 dns Query"; dns_query; sid:9900204; rev:2;)
v4url=${v4url:-"http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"}
v6url=${v6url:-"http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt"}
...