# Disabled copy of sid 2009478 rev 4: the line is commented out and its msg carries the "ET DELETED" category, so an engine loading this file ignores it.
# The options it held matched the URL-encoded string " FROM customers" in established to-server traffic together with one exact Lynx/libwww User-Agent header,
# and raised one alert per 10 matches against the same destination within 20 seconds (threshold: type threshold, track by_dst).
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; fast_pattern:only; content:"User-Agent|3a| Lynx/2.8.6rel.4 libwww-FM/2.14"; http_header; threshold: type threshold, track by_dst, count 10, seconds 20; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; classtype:attempted-recon; sid:2009478; rev:4;)

Added 2012-03-08 18:30:46 UTC


# Flags SQLCheck scanning (per the msg and the first reference URL) using two exact literals in established client-to-server traffic to $HTTP_SERVERS on $HTTP_PORTS:
#   - "%20FROM%20customers": carries no HTTP buffer modifier, so it is matched against the raw payload; fast_pattern:only makes it the fast-pattern content.
#   - "User-Agent|3a| Lynx/2.8.6rel.4 libwww-FM/2.14": restricted to the HTTP header buffer by http_header (|3a| is the colon).
# threshold: type threshold, track by_dst, count 10, seconds 20 -> one alert for every 10 matches against the same destination inside a 20-second window.
# Coverage note: both contents are case-sensitive literals (no nocase), so this fingerprints one specific request pattern; it is not general SQL-injection detection.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; fast_pattern:only; content:"User-Agent|3a| Lynx/2.8.6rel.4 libwww-FM/2.14"; http_header; threshold: type threshold, track by_dst, count 10, seconds 20; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; classtype:attempted-recon; sid:2009478; rev:4;)

Added 2011-10-12 19:27:27 UTC


# rev 4 with classtype placed before the reference options. classtype, reference, sid and rev are metadata and not positional,
# so the detection logic is the content / fast_pattern:only / http_header / threshold sequence exactly as written.
# Matches established to-server traffic containing "%20FROM%20customers" plus the exact Lynx/libwww User-Agent in the HTTP headers.
# NOTE(review): the rule-embedded threshold keyword is deprecated in later Snort 2.x releases in favour of detection_filter / event_filter;
# confirm against the deployed engine version before reusing this text.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; fast_pattern:only; content:"User-Agent|3a| Lynx/2.8.6rel.4 libwww-FM/2.14"; http_header; threshold: type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; sid:2009478; rev:4;)

Added 2011-09-14 22:40:49 UTC


# rev 4 carrying a third reference, to the signature's cvsweb page on www.emergingthreats.net; the detection options are
# "%20FROM%20customers" (raw payload, fast_pattern:only) and the Lynx/libwww User-Agent literal in the HTTP header buffer.
# track by_dst keeps the counter per destination address: the 10-in-20-seconds count is per targeted server, whichever sources sent the requests.
# Triage hint: classtype is attempted-recon, so an alert indicates probing of the destination, not evidence that a query succeeded.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; fast_pattern:only; content:"User-Agent|3a| Lynx/2.8.6rel.4 libwww-FM/2.14"; http_header; threshold: type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLCheck; sid:2009478; rev:4;)

Added 2011-02-04 17:28:49 UTC


# rev 2: both contents are matched against the raw TCP payload (no http_* buffer modifiers).
#   - "%20FROM%20customers" anywhere in the payload.
#   - "|0d 0a|User-Agent\: Lynx/2.8.6rel.4 libwww-FM/2.14": a CRLF followed by the header line, with offset:40 and distance:70 applied to it.
# NOTE(review): offset is counted from the start of the payload and distance from the end of the previous match; putting both on one content
# is unusual and engines may reject or interpret the combination differently - confirm before reuse. The rev 4 entries on this page use http_header instead.
# threshold: one alert per 10 matches against the same destination within 20 seconds.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; content:"|0d 0a|User-Agent\: Lynx/2.8.6rel.4 libwww-FM/2.14"; offset:40; distance:70; threshold: type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLCheck; sid:2009478; rev:2;)

Added 2009-07-01 20:03:01 UTC


# Second listing of rev 2; it has the same text and the same "Added" timestamp as the other rev 2 entry on this page.
# Raw-payload signature: "%20FROM%20customers" followed by a CRLF-prefixed Lynx/libwww User-Agent line positioned with offset:40 and distance:70.
# Because the User-Agent match is positional and byte-exact (escaped colon, single space, no nocase), it depends on the header
# sitting at least 70 bytes past the first match; presumably tuned to the request layout the authors observed - verify against captured traffic.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; content:"|0d 0a|User-Agent\: Lynx/2.8.6rel.4 libwww-FM/2.14"; offset:40; distance:70; threshold: type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; reference:url,doc.emergingthreats.net/2009478; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLCheck; sid:2009478; rev:2;)

Added 2009-07-01 20:03:01 UTC


# rev 1, the earliest entry listed: same detection options as the rev 2 entries on this page, with a single reference (the SQLcheck wiki URL).
# Alerts on established to-server traffic whose raw payload holds "%20FROM%20customers" and then a CRLF-prefixed
# "User-Agent\: Lynx/2.8.6rel.4 libwww-FM/2.14" line constrained by offset:40 and distance:70.
# Rate control: threshold type threshold, track by_dst, count 10, seconds 20 - one alert per 10 matches per destination in 20 seconds.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLCheck Database Scan Detected"; flow:to_server,established; content:"%20FROM%20customers"; content:"|0d 0a|User-Agent\: Lynx/2.8.6rel.4 libwww-FM/2.14"; offset:40; distance:70; threshold: type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; reference:url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck; sid:2009478; rev:1;)

Added 2009-07-01 10:30:35 UTC

