""ET INFO Suspicious Empty User-Agent""
SID: 2007994
Revision: 22
Class Type: unknown
Metadata: affected_product Any, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, signature_severity Major, tag User_Agent, updated_at 2022_12_28
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
-
Value: "User-Agent|3a 20 0d 0a|"
-
Value: !".mcafee.com"
-
Value: !"deezer.com|0d 0a|"
-
Value: !"googlezip.net"
-
Value: !"metrics.tbliab.net|0d 0a|"
-
Value: !"dajax.com|0d 0a|"
-
Value: !"update.eset.com|0d 0a|"
-
Value: !".sketchup.com|0d 0a|"
-
Value: !".yieldmo.com|0d 0a|"
-
Value: !"ping-start.com|0d 0a|"
-
Value: !".bluekai.com"
-
Value: !".stockstracker.com"
-
Value: !".doubleclick.net"
-
Value: !".pingstart.com"
-
Value: !".colis-logistique.com"
-
Value: !"android-lrcresource.wps.com"
-
Value: !"track.package-buddy.com"
-
Value: !"talkgadget.google.com"
-
Value: !".visualstudio.com|0d 0a|"
-
Value: !".slack-edge.com|0d 0a|"
-
Value: !".slack.com|0d 0a|"
-
Value: !".lifesizecloud.com|0d 0a|"
-
Value: !"connectivitycheck.gstatic.com|0d 0a|"
Within:
PCRE:
Special Options:
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header