alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"/dlink/hwiz.html"; http_uri; reference:url,doc.emergingthreats.net/2008942; classtype:attempted-admin; sid:2008942; rev:7;)

Added 2012-04-23 23:04:27 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"Host|3a| "; http_header; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; reference:url,doc.emergingthreats.net/2008942; classtype:attempted-admin; sid:2008942; rev:6;)

Added 2011-10-12 19:26:16 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"Host|3a| "; http_header; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2008942; sid:2008942; rev:6;)

Added 2011-09-14 22:39:40 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"Host|3a| "; http_header; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2008942; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dlink; sid:2008942; rev:6;)

Added 2011-02-04 17:28:11 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"|0d 0a|Host\: "; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2008942; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dlink; sid:2008942; rev:4;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"|0d 0a|Host\: "; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2008942; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Dlink; sid:2008942; rev:4;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"|0d 0a|Host\: "; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; sid:2008942; rev:3;)

Added 2008-12-29 12:00:23 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"|0d 0a|Host\: "; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; sid:2008942; rev:3;)

Added 2008-12-29 12:00:23 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1.0|0d 0a|"; depth:33; content:!"|0d 0a|Host\: "; classtype:attempted-admin; sid:2008942; rev:2;)

Added 2008-12-29 11:48:36 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1.0|0d 0a|"; depth:33; content:!"|0d 0a|Host\: "; classtype:attempted-admin; sid:2008942; rev:2;)

Added 2008-12-29 11:48:36 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1.0|0d 0a|"; depth:33; content:!"|0d 0a|Host\: "; classtype:attempted-admin; sid:2008942; rev:2;)

Added 2008-12-29 11:45:23 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1.0|0d 0a|"; depth:33; content:!"|0d 0a|Host\: "; classtype:attempted-admin; sid:2008942; rev:2;)

Added 2008-12-29 11:45:23 UTC


alert tcp $HOME_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET POLICY Dlink Soho Router Config Page Access Attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1."; depth:30; content:"|0d 0a|Host\: "; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:attempted-admin; sid:2008942; rev:1;)

Added 2008-12-28 15:15:23 UTC


Topic revision: r1 - 2012-04-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats