alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; reference:url,doc.emergingthreats.net/2008596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_BED; sid:2008596; rev:2;)
Added 2009-02-11 19:24:44 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; reference:url,doc.emergingthreats.net/2008596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_BED; sid:2008596; rev:2;)
Added 2009-02-11 19:24:44 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Brute Force Exploit Detector HTTP Buffer Overflow Detection"; flow:to_server,established; content:"HEAD AAAAAAAAAAAAAA"; content:"HTTP/1.0"; offset:30; distance:10; classtype:attempted-recon; reference:url,www.snake-basket.de/bed.html; sid:2008596; rev:1;)
Added 2008-09-29 14:24:35 UTC