Rule History

alert tcp any any -> any any (msg: "TOOLS [PTsecurity] gsocket client activity"; flow: to_server, established, no_stream; dsize: 128; stream_size: client, <, 500; stream_size: server, <, 100; content: "|02|"; depth: 1; offset: 0; content: !"|00|"; within: 2; content: "|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; distance: 3; within: 28; content: !"|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; within: 16; content: "|00 00 00 00|"; distance: 16; within: 4; content: "|00 00 00 00|"; isdataat: !1, relative; reference: url, gsocket.io; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10009304; rev: 4;)