Rule History

alert tcp any any -> any any (msg: "TOOLS [PTsecurity] gsocket server activity"; flow: to_server, established, no_stream; dsize: 128; stream_size: client, <, 500; stream_size: server, <, 100; content: "|01|"; depth: 1; offset: 0; content: !"|00|"; within: 2; content: "|00 00 00 00 00 00 00 00 00 00 00 00|"; fast_pattern; distance: 3; within: 12; content: !"|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; within: 16; content: !"|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; distance: 16; within: 16; content: "|00 00 00 00|"; distance: 32; within: 4; content: "|00 00 00 00|"; isdataat: !1, relative; reference: url, gsocket.io; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10009305; rev: 5;)