Update ipv4_pub.yar

d8c18eae · garanews · GitHub · 32590c9c · d8c18eae
Commit d8c18eae authored Dec 02, 2016 by garanews Committed by GitHub Dec 02, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

ipv4_pub.yar utils/ipv4_pub.yar +1 -1

No files found.
--- a/utils/ipv4_pub.yar
+++ b/utils/ipv4_pub.yar
@@ -11,7 +11,7 @@ rule IP {
    meta:
        author = "garanews"
    strings:
-        $ip = /([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!172\.(16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31))(?<!127)(?<!^10)(?<!^0)\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!192\.168)(?<!172\.(16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31))\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!\.0$)(?<!\.255$)
+        $ip = /([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!172\.(16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31))(?<!127)(?<!^10)(?<!^0)\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!192\.168)(?<!172\.(16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31))\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?<!\.0$)(?<!\.255$)/ wide ascii
    condition:
        $ip
 }