Versions (4)
Version DetailsCurrent
Rev: 4 • Mar 13, 2018, 12:00 PMET INFO Possible Sandvine PacketLogic Injection
alert http any any -> any any (msg:"ET INFO Possible Sandvine PacketLogic Injection"; flow:established,from_server; id:13330; flags:AF; content:"HTTP/1.1 307 Temporary Redirect|0a|Location|3a 20|"; depth:42; fast_pattern; content:"Connection: close|0a 0a|"; endswith; reference:url,citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/; classtype:misc-activity; sid:2025428; rev:4; metadata:attack_target Client_and_Server, created_at 2018_03_13, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_13;)
Mar 13, 2018, 12:00 PM
Mar 13, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-info.rules