alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; reference:url,doc.emergingthreats.net/2008596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_BED; sid:2008596; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; reference:url,doc.emergingthreats.net/2008596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_BED; sid:2008596; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; sid:2008596; rev:1;)

Added 2008-09-29 14:24:35 UTC


Topic revision: r1 - 2009-02-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats