F-SBID( --attack_id 1911; --name "Kabai"; --protocol tcp; --flow to_server; --pattern "|3c2f417070547970653e3c49502f3e3c506173733e|";)

זה מחתימה אחרת

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\l.jpg$

Ori

Shitrit

Service Assurance

Integrated Solutions

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c11.jpg$

+972-39203165

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c7.jpg$

+972-3-9257419

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c5.jpg$

PSC@bezeqint.co.il

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateEN_r1_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c3.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_businessENpink_r1_c3.jpg$

From: kapat-mamram [mailto:kapat-mamram@mail.idf.il]
Sent: Wednesday, July 08, 2015 3:31 PM
To: PSC
Cc: 'dorond'; IDF-CYB@mail.gov.il
Subject: RE: כפ"ג - הטמעה של חתימת IPS

היי אורי, נשמח לדוגמא..

זירה- לידיעתכם

From: PSC [mailto:PSC@bezeqint.co.il]
Sent: Wednesday, July 08, 2015 3:00 PM
To: kapat-mamram; PSC
Subject: RE: כפ"ג - הטמעה של חתימת IPS

עדין לא תיקן

אתם מעוניינים בדוגמה מחתימות אחרות ?

בברכה ,

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\l.jpg$

Ori

Shitrit

Service Assurance

Integrated Solutions

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c11.jpg$

+972-39203165

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c7.jpg$

+972-3-9257419

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c5.jpg$

PSC@bezeqint.co.il

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateEN_r1_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c3.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_businessENpink_r1_c3.jpg$

From: kapat-mamram [mailto:kapat-mamram@mail.idf.il]
Sent: Wednesday, July 08, 2015 1:55 PM
To: PSC
Subject: FW: כפ"ג - הטמעה של חתימת IPS

היי, תוקן,תנסו בבקשה את זה J

From: dorond [mailto:dorond@mail.idf.il]
Sent: Wednesday, July 08, 2015 12:23 PM
To: kapat-mamram
Subject: RE: כפ"ג - הטמעה של חתימת IPS

F-SBID(--name “Breaking News – Register To Server”; --flow from_client; --protocol tcp; --service HTTP; --pattern “|45 47 54|”; --pattern “|2f 42 2e 70 68 70 3f 50 6e 3d|”; --context uri; --pcre “/B.php\?Pn=\w+=*&ID=\d+&o=\w+=*$av=\w*&H=/”;)

שינסו את זה

From: kapat-mamram
Sent: Wednesday, July 08, 2015 12:06 PM
To: dorond
Subject: FW: כפ"ג - הטמעה של חתימת IPS

From: PSC [mailto:PSC@bezeqint.co.il]
Sent: Tuesday, July 07, 2015 5:48 PM
To: kapat-mamram; PSC
Subject: RE: כפ"ג - הטמעה של חתימת IPS

כל הנראה הSyntax לא נכון

תוכלו בבקשה לעבור שוב על הSyntax ולעדכן אותנו

בברכה ,

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\l.jpg$

Ori

Shitrit

Service Assurance

Integrated Solutions

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c11.jpg$

+972-39203165

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c7.jpg$

+972-3-9257419

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c5.jpg$

PSC@bezeqint.co.il

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateEN_r1_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c3.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_privateHEB.Cuts_r3_c2.jpg$

$Description: C:\Users\orishi\AppData\Roaming\Microsoft\Signatures\BI_SIG_MAKER_files\emailSignature_businessENpink_r1_c3.jpg$

From: kapat-mamram [mailto:kapat-mamram@mail.idf.il]
Sent: Tuesday, July 07, 2015 4:03 PM
To: PSC
Subject: FW: כפ"ג - הטמעה של חתימת IPS

היי, להלן חתימה שנצטרך להטמיע ב-IPS בהקדם J

תודה רבה

From: dorond [mailto:dorond@mail.idf.il]
Sent: Tuesday, July 07, 2015 3:23 PM
To: kapat-mamram
Subject: כפ"ג - הטמעה של חתימת IPS

היי,

בהמשך לשיחתנו, זאת החתימה שיש להתמיע:

F-SBID(--name “Breaking News – Register To Server”; --flow From_client; --protocol tcp; --service HTTP; --pattern “GET”; --pattern “/B.php?Pn=”; --context uri; --pcre “/B.php\?Pn=\w+=*&ID=\d+&o=\w+=*$av=\w*&H=/”;)

תודה,

שחר