# sid 2003149, rev 6: alert when an established, client-to-server TCP stream
# from $HOME_NET to $EXTERNAL_NET port 25 carries the bytes
# "root:x:0:0:root:/root:/" (|3a| is a hex-encoded colon; nocase makes the
# match case-insensitive). Relative to the rev 5 listing on this page, only
# classtype differs (misc-activity -> successful-recon-limited).
# NOTE(review): in the stock classification.config that classtype presumably
# carries a higher priority than misc-activity; confirm against the deployed file.
# NOTE(review): the content option has no buffer keyword, so it is evaluated
# against the raw stream. A passwd file sent as a base64 MIME attachment or
# inside a STARTTLS session would not contain this literal, and only
# destination port 25 is inspected. Absence of alerts is not evidence of absence.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,to_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; classtype:successful-recon-limited; sid:2003149; rev:6;)

Added 2015-04-15 11:57:49 UTC


# sid 2003149, rev 5: the first listing on this page that uses
# flow:established,to_server; every rev 4 and earlier listing uses from_server.
# The header only selects packets heading to port 25 on $EXTERNAL_NET, so
# to_server is the flow direction consistent with an internal host acting as
# the SMTP client. classtype is still misc-activity in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,to_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; classtype:misc-activity; sid:2003149; rev:5;)

Added 2012-04-02 21:11:32 UTC


# sid 2003149, rev 4: the header selects packets going to $EXTERNAL_NET port 25,
# while flow:established,from_server restricts matching to packets sent by the
# side that accepted the connection.
# NOTE(review): for an ordinary outbound SMTP session (internal client, external
# server on 25) those two conditions look mutually exclusive, so this revision
# likely could not fire on the traffic its msg describes. Sensors still pinned
# to rev 4 or older should be treated as having no coverage from this sid.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; classtype:misc-activity; sid:2003149; rev:4;)

Added 2011-10-12 19:12:55 UTC


# sid 2003149, still rev 4: same options as the other single-reference rev 4
# listing on this page, but with classtype placed before reference. The text
# changed without a rev bump, so sid+rev alone does not pin the exact rule
# text; compare the full rule when auditing a deployed ruleset.
# flow is from_server here, as in every listing before rev 5.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; sid:2003149; rev:4;)

Added 2011-09-14 22:25:53 UTC


# sid 2003149, rev 4: this listing carries a second reference URL (the cvsweb
# path) that the later rev 4 listings on this page no longer have. reference
# options are metadata only; the detection options (flow, content, nocase) are
# the same as in the other rev 4 listings, including flow:...,from_server.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid:2003149; rev:4;)

Added 2011-02-04 17:22:16 UTC


# sid 2003149, rev 4: differs from the later two-reference rev 4 listing only
# in the space after "msg:". This is a formatting difference; the detection
# options are unchanged.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid:2003149; rev:4;)

Added 2010-06-23 13:46:09 UTC


# sid 2003149, rev 4: rule text is identical to the listing directly above it
# on this page (duplicate history entry).
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid:2003149; rev:4;)

Added 2010-06-23 13:46:09 UTC


# sid 2003149, rev 4: relative to the rev 3 listings on this page, the msg
# category is written "ATTACK_RESPONSE" (underscore) instead of
# "ATTACK RESPONSE"; flow, content and classtype are unchanged.
# The msg string changes across revisions, so alert filters and suppression
# lists should key on the sid rather than on msg text.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid: 2003149; rev:4;)

Added 2010-06-15 13:15:59 UTC


# sid 2003149, rev 4: rule text is identical to the listing directly above it
# on this page (duplicate history entry).
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid: 2003149; rev:4;)

Added 2010-06-15 13:15:59 UTC


# sid 2003149, rev 3: relative to the rev 2 listings on this page, the colons
# in the content pattern are written as hex (|3a|) instead of backslash-escaped
# (\:), and two reference URLs are added. Both spellings denote the same byte
# (0x3a), so the matched pattern is still "root:x:0:0:root:/root:/".
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid: 2003149; rev:3;)

Added 2009-02-06 19:00:55 UTC


# sid 2003149, rev 3: rule text is identical to the listing directly above it
# on this page (duplicate history entry).
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd; sid: 2003149; rev:3;)

Added 2009-02-06 19:00:55 UTC


# sid 2003149, rev 2: relative to the rev 1 listing on this page, only the msg
# prefix changes ("BLEEDING-EDGE" -> "ET"). The detection options are the same:
# flow:established,from_server and a case-insensitive match on
# "root:x:0:0:root:/root:/" with the colons backslash-escaped.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root\:x\:0\:0\:root\:/root\:/"; nocase; classtype:misc-activity; sid: 2003149; rev:2;)

Added 2008-01-23 10:46:28 UTC


# sid 2003149, rev 2: rule text is identical to the listing directly above it
# on this page (duplicate history entry).
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root\:x\:0\:0\:root\:/root\:/"; nocase; classtype:misc-activity; sid: 2003149; rev:2;)

Added 2008-01-23 10:46:28 UTC


# sid 2003149, rev 1: the oldest listing on this page, with the "BLEEDING-EDGE"
# msg prefix. It looks for the literal "root:x:0:0:root:/root:/"
# (case-insensitive) in established traffic from $HOME_NET to $EXTERNAL_NET
# port 25.
# NOTE(review): flow is from_server while the header points at port 25; for a
# normal outbound SMTP session those two conditions look contradictory. The
# flow direction stays from_server in every listing on this page until rev 5.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,from_server; content:"root\:x\:0\:0\:root\:/root\:/"; nocase; classtype:misc-activity; sid: 2003149; rev:1; )



Topic revision: r1 - 2015-04-15 - TWikiGuest
 