test.rules
# Local test rules: raise an alert when a client reaches one of the listed sites.
# Port-80 rules inspect the TCP payload of a plaintext HTTP request; port-443
# rules inspect the server name (SNI) offered in the TLS handshake.
#
# NOTE(review): sids 10001-10020 are below 1000000, the range conventionally
# kept for locally written rules (1000000-1999999). Confirm they cannot clash
# with a distributed ruleset loaded next to this file.

# --- Plaintext HTTP, destination port 80 ---
# Each rule requires three strings in the payload: "GET /", "Host: " and the
# domain. No depth/offset/distance/within modifier relates them, so neither
# their order nor their position is checked. A request to some other host that
# merely carries the domain in its URL, Referer or body can therefore alert.
# The matches are case-sensitive (no nocase), so a "host:" header written in
# lower case or a domain in mixed case is missed, and only GET requests to
# port 80 are covered.
# NOTE(review): if the intent is "Host header equals this site", matching on
# the parsed HTTP host buffer instead of raw payload would be tighter - confirm
# against the Suricata version in use.
alert tcp any any -> any 80 (msg:"gilgil.net access"; content:"GET /"; content:"Host: "; content:"gilgil.net"; sid:10001; rev:1;)
alert tcp any any -> any 80 (msg:"example.com access"; content:"GET /"; content:"Host: "; content:"example.com"; sid:10002; rev:1;)
alert tcp any any -> any 80 (msg:"mk.khnp.co.kr access"; content:"GET /"; content:"Host: "; content:"mk.khnp.co.kr"; sid:10003; rev:1;)

# --- TLS, destination port 443 ---
# tls_sni selects the SNI buffer and the following content is a substring
# match inside it. "naver.com" thus matches the bare domain and its subdomains,
# but also any longer name that only contains the string (a look-alike prefix
# or a suffix appended after it). The match is case-sensitive.
# Coverage caveats: the rules are TCP-only and bound to port 443, so TLS on
# other ports and QUIC/HTTP-3 over UDP are not seen; a client that sends no SNI
# or encrypts it produces no alert.
# NOTE(review): tls_sni is the older spelling; newer Suricata releases document
# the buffer as tls.sni - verify which form the deployed engine expects.
alert tcp any any -> any 443 (msg:"naver.com access"; tls_sni; content:"naver.com"; sid:10004; rev:1;)
alert tcp any any -> any 443 (msg:"tistory.com access"; tls_sni; content:"tistory.com"; sid:10005; rev:1;)
alert tcp any any -> any 443 (msg:"kakao.com access"; tls_sni; content:"kakao.com"; sid:10006; rev:1;)
alert tcp any any -> any 443 (msg:"nate.com access"; tls_sni; content:"nate.com"; sid:10007; rev:1;)
alert tcp any any -> any 443 (msg:"google.com access"; tls_sni; content:"google.com"; sid:10008; rev:1;)
alert tcp any any -> any 443 (msg:"daum.net access"; tls_sni; content:"daum.net"; sid:10009; rev:1;)
alert tcp any any -> any 443 (msg:"netflix.com access"; tls_sni; content:"netflix.com"; sid:10010; rev:1;)
alert tcp any any -> any 443 (msg:"facebook.com access"; tls_sni; content:"facebook.com"; sid:10011; rev:1;)
alert tcp any any -> any 443 (msg:"instagram.com access"; tls_sni; content:"instagram.com"; sid:10012; rev:1;)
alert tcp any any -> any 443 (msg:"mma.go.kr access"; tls_sni; content:"mma.go.kr"; sid:10013; rev:1;)
alert tcp any any -> any 443 (msg:"github.com access"; tls_sni; content:"github.com"; sid:10014; rev:1;)
alert tcp any any -> any 443 (msg:"yahoo.com access"; tls_sni; content:"yahoo.com"; sid:10015; rev:1;)
alert tcp any any -> any 443 (msg:"vlive.tv access"; tls_sni; content:"vlive.tv"; sid:10016; rev:1;)
alert tcp any any -> any 443 (msg:"twitch.tv access"; tls_sni; content:"twitch.tv"; sid:10017; rev:1;)
alert tcp any any -> any 443 (msg:"nexon.com access"; tls_sni; content:"nexon.com"; sid:10018; rev:1;)
alert tcp any any -> any 443 (msg:"notion.so access"; tls_sni; content:"notion.so"; sid:10019; rev:1;)
alert tcp any any -> any 443 (msg:"amazon.com access"; tls_sni; content:"amazon.com"; sid:10020; rev:1;)

# --- Disabled rules ---
# These two reuse sid 10002 and sid 10003, which the active example.com and
# mk.khnp.co.kr rules above already hold. Give them unused sids before
# re-enabling; a duplicate sid is normally rejected or ignored at rule load.
# netflix.com is already covered on port 443 by sid 10010.
#alert tcp any any -> any 80 (msg:"netflix.com access"; content:"GET /"; content:"Host: "; content:"netflix.com"; sid:10002; rev:1;)
#alert tcp any any -> any 80 (msg:"qt.io access"; content:"GET /"; content:"Host: "; content:"qt.io"; sid:10003; rev:1;)