alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; content:"chmod"; fast_pattern:only; nocase; http_uri; pcre:"/chmod\s+([+-][rwx]|[0-7])/Ui"; reference:url,doc.emergingthreats.net/2009363; classtype:attempted-admin; sid:2009363; rev:7;)

Added 2012-06-05 23:03:08 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; content:"chmod"; fast_pattern:only; nocase; http_uri; pcre:"/chmod\s+([+-][rwx]|[0-7])/Ui"; reference:url,doc.emergingthreats.net/2009363; classtype:attempted-admin; sid:2009363; rev:6;)

Modified 2012 06-05 11:27 EST Added 2011-10-12 19:27:12 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; content:"chmod"; fast_pattern:only; nocase; http_uri; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; sid:2009363; rev:6;)

Added 2011-09-14 22:40:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; content:"chmod"; fast_pattern:only; nocase; http_uri; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_General; sid:2009363; rev:6;)

Added 2011-02-04 17:28:40 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_General; sid:2009363; rev:4;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_General; sid:2009363; rev:4;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_General; sid:2009363; rev:2;)

Added 2009-05-28 14:15:36 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2009363; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_General; sid:2009363; rev:2;)

Added 2009-05-28 14:15:36 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; sid:2009363; rev:1;)

Added 2009-05-27 13:33:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Suspicious Chmod Usage in URI"; flow:to_server,established; uricontent:"chmod"; nocase; pcre:"/chmod.([r|w|x|1-7])/Ui"; classtype:attempted-admin; sid:2009363; rev:1;)

Added 2009-05-27 13:30:34 UTC


Topic revision: r2 - 2012-06-05 - LuisMendieta
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats