test.rules
# Test ruleset: every rule raises an alert when TCP traffic destined to port 80
# or 443 carries the named site's hostname. Port-80 rules match on the raw
# payload; port-443 rules match on the TLS Server Name Indication (SNI).
#
# NOTE(review), applies to all rules in this file:
#  - content is a case-sensitive substring match (no nocase, no anchoring), so
#    "google.com" also fires on any longer name that merely contains that string.
#  - No flow: option is set, so the rules are not limited to established sessions.
#  - Only dst ports 80 and 443 over TCP are covered; the same sites reached on
#    another port, or over QUIC (UDP 443), raise nothing here.
#  - sids 10001-10020 are below 1000000. By convention 1000000-1999999 is the
#    range kept for local rules; confirm these cannot collide with a
#    distributed ruleset before loading both together.

# Plain HTTP, raw payload. The three content matches carry no distance/within/
# depth modifiers, so each is searched independently: they may appear in any
# order and anywhere in the payload, not necessarily as a GET request whose
# Host header is gilgil.net.
alert tcp any any -> any 80 (msg:"gilgil.net access"; content:"GET /"; content:"Host: "; content:"gilgil.net"; sid:10001; rev:1;)

# TLS: tls_sni selects the SNI buffer and the content that follows is matched
# inside it (presumably Suricata, where tls_sni is the older spelling of
# tls.sni; confirm against the engine version in use). A client that omits
# or encrypts its SNI is not detected by these rules.
alert tcp any any -> any 443 (msg:"netflix.com access"; tls_sni; content:"netflix.com"; sid:10002; rev:1;)
alert tcp any any -> any 443 (msg:"qt.io access"; tls_sni; content:"qt.io"; sid:10003; rev:1;)
alert tcp any any -> any 443 (msg:"naver.com access"; tls_sni; content:"naver.com"; sid:10004; rev:1;)
alert tcp any any -> any 443 (msg:"google.com access"; tls_sni; content:"google.com"; sid:10005; rev:1;)
alert tcp any any -> any 443 (msg:"daum.net access"; tls_sni; content:"daum.net"; sid:10006; rev:1;)
alert tcp any any -> any 443 (msg:"nate.com access"; tls_sni; content:"nate.com"; sid:10007; rev:1;)
alert tcp any any -> any 443 (msg:"zum.com access"; tls_sni; content:"zum.com"; sid:10008; rev:1;)
alert tcp any any -> any 443 (msg:"nexon.com access"; tls_sni; content:"nexon.com"; sid:10009; rev:1;)
alert tcp any any -> any 443 (msg:"netmarble.net access"; tls_sni; content:"netmarble.net"; sid:10010; rev:1;)
alert tcp any any -> any 443 (msg:"kknock.org access"; tls_sni; content:"kknock.org"; sid:10011; rev:1;)

# Plain HTTP, single raw-payload content with no HTTP buffer selected: the rule
# fires on the string anywhere in data sent to port 80 (URL, Referer, body),
# not only when it is the requested Host.
alert tcp any any -> any 80 (msg:"ssg.com access"; content:"ssg.com"; sid:10012; rev:1;)
alert tcp any any -> any 80 (msg:"dreamwiz.com access"; content:"dreamwiz.com"; sid:10013; rev:1;)

# TLS SNI matches, same form and caveats as the tls_sni rules above.
alert tcp any any -> any 443 (msg:"kitribob.kr access"; tls_sni; content:"kitribob.kr"; sid:10014; rev:1;)
alert tcp any any -> any 443 (msg:"kitribob.wiki access"; tls_sni; content:"kitribob.wiki"; sid:10015; rev:1;)
alert tcp any any -> any 443 (msg:"kisa.or.kr access"; tls_sni; content:"kisa.or.kr"; sid:10016; rev:1;)
alert tcp any any -> any 443 (msg:"tistory.com access"; tls_sni; content:"tistory.com"; sid:10017; rev:1;)
alert tcp any any -> any 443 (msg:"coupang.com access"; tls_sni; content:"coupang.com"; sid:10018; rev:1;)

# Plain HTTP, single raw-payload content: same unanchored match as the other
# single-content port-80 rules.
alert tcp any any -> any 80 (msg:"danawa.com access"; content:"danawa.com"; sid:10019; rev:1;)
alert tcp any any -> any 80 (msg:"auction.co.kr access"; content:"auction.co.kr"; sid:10020; rev:1;)