NF – Web search engine – Yandex

This alert is triggered by traffic from the Yandex search engine.

Categories:

ID Number

5022206

Signature

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"NF - Web search engine - Yandex"; content:"GET"; nocase; http_method; content:"User-Agent|3a|"; http_header; content:"Yandex"; nocase; http_header; classtype:misc-activity; reference:url,networkforensic.dk; metadata:09102016; sid:5022206; rev:1;)

Severity

Low

Recommendations/Investigative actions

Investigate whether your organization has legitimate traffic coming from Yandex. Check for unauthorized access attempts. Consider blocking all traffic coming from Yandex.
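
To support the triage above, this added example (not part of the original signature page) emulates the signature's three content matches in Python over constructed requests. It shows that the "Yandex" match is not tied to the User-Agent line, so a browser arriving with a Yandex referrer also raises the alert. The function names and sample requests are assumptions, and the header buffer is a simplified model of Snort's HTTP preprocessor.

```python
# Added example: simplified emulation of the content matches in sid 5022206.
# Assumption: the http_header buffer is modeled as the raw header lines;
# Snort's HTTP preprocessor normalizes them before matching.

def parse_request(raw: bytes):
    """Return (method, header_block) from a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, _, headers = head.partition(b"\r\n")
    return request_line.split(b" ", 1)[0], headers

def rule_matches(raw: bytes) -> bool:
    method, headers = parse_request(raw)
    return (b"get" in method.lower()          # content:"GET"; nocase; http_method;
            and b"User-Agent:" in headers     # content:"User-Agent|3a|"; http_header;
            and b"yandex" in headers.lower()) # content:"Yandex"; nocase; http_header;

def yandex_in_user_agent(raw: bytes) -> bool:
    """True only if the User-Agent value itself contains 'Yandex'."""
    _, headers = parse_request(raw)
    for line in headers.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"user-agent" and b"yandex" in value.lower():
            return True
    return False

def triage(raw: bytes) -> str:
    if not rule_matches(raw):
        return "no alert"
    if yandex_in_user_agent(raw):
        return "alert: User-Agent claims Yandex"
    return "alert: Yandex only in another header"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "crawler": b"GET /robots.txt HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)\r\n\r\n",
    "referred_browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0\r\n"
               b"Referer: https://yandex.ru/search/?text=example\r\n\r\n",
    "post_with_yandex_ua": b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: YandexBot/3.0\r\nContent-Length: 0\r\n\r\n",
    "other_client": b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/8.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {triage(raw)}")
```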