alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization|3a| Basic bWFuYWdlcjp"; fast_pattern:15,17; http_header; threshold: type threshold, track by_src, count 5, seconds 30; reference:url,doc.emergingthreats.net/2008455; classtype:web-application-attack; sid:2008455; rev:7;)

Added 2012-01-18 18:00:59 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization|3a| Basic bWFuYWdlcjp"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; reference:url,doc.emergingthreats.net/2008455; classtype:web-application-attack; sid:2008455; rev:5;)

Added 2011-10-12 19:25:10 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization|3a| Basic bWFuYWdlcjp"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008455; sid:2008455; rev:5;)

Added 2011-09-14 22:38:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization|3a| Basic bWFuYWdlcjp"; http_header; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008455; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008455; rev:5;)

Added 2011-02-04 17:27:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic bWFuYWdlcjp"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008455; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008455; rev:3;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic bWFuYWdlcjp"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008455; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Tomcat_Brute; sid:2008455; rev:3;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic bWFuYWdlcjp"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; sid:2008455; rev:2;)

Added 2008-08-14 08:30:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic bWFuYWdlcjp"; threshold: type threshold, track by_src, count 30, seconds 30; classtype:web-application-attack; sid:2008455; rev:2;)

Added 2008-08-14 08:30:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic bWFuYWdlcjp"; threshold: type threshold, track by_src, count 3, seconds 30; classtype:web-application-attack; sid:2008455; rev:1;)

Added 2008-07-22 10:00:21 UTC


Topic revision: r1 - 2012-01-18 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats