alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization|3a| Basic dG9tY2F0"; fast_pattern:15,14; http_header; threshold: type threshold, track by_src, count 5, seconds 30; reference:url,doc.emergingthreats.net/2008454; classtype:web-application-attack; sid:2008454; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization|3a| Basic dG9tY2F0"; fast_pattern:15,14; http_header; threshold: type threshold, track by_src, count 5, seconds 30; reference:url,doc.emergingthreats.net/2008454; classtype:web-application-attack; sid:2008454; rev:9;)

Added 2012-01-18 18:00:56 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization|3a| Basic dG9tY2F0"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; reference:url,doc.emergingthreats.net/2008454; classtype:web-application-attack; sid:2008454; rev:7;)

Added 2011-10-12 19:25:10 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization|3a| Basic dG9tY2F0"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008454; sid:2008454; rev:7;)

Added 2011-09-14 22:38:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization|3a| Basic dG9tY2F0"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008454; rev:7;)

Added 2011-02-04 17:27:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic dG9tY2F0"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008454; rev:3;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic dG9tY2F0"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008454; rev:3;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic dG9tY2F0"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; sid:2008454; rev:2;)

Added 2008-08-14 08:30:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic dG9tY2F0"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; sid:2008454; rev:2;)

Added 2008-08-14 08:30:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic dG9tY2F0"; threshold: type threshold, track by_src, count 3, seconds 30; classtype:web-application-attack; sid:2008454; rev:1;)

Added 2008-07-22 10:00:21 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats