Rule History

SID: 2000348 • Source: et/open

Versions (4)

Version Details: Current

Rev: 18 • Jul 30, 2010, 12:00 PM

ET POLICY IRC Channel JOIN on non-standard port

alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,587,6666:7000,8076] (msg:"ET POLICY IRC Channel JOIN on non-standard port"; flow:established,to_server; dsize:<64; content:"JOIN "; nocase; depth:5; pcre:"/&|#|\+|!/R"; reference:url,www.rfc-editor.org/rfc/rfc1459#section-4.2.1; classtype:unusual-client-port-connection; sid:2000348; rev:18; metadata:attack_target Client_and_Server, created_at 2010_07_30, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Informational, updated_at 2023_05_09, reviewed_at 2024_09_16; target:src_ip;)

Jul 30, 2010, 12:00 PM

May 9, 2023, 12:00 PM

Jul 30, 2010, 12:00 PM

Sep 16, 2024, 11:00 PM

rules/emerging-policy.rules