# ET SCAN sid:2009481 rev:8 (the entry that carries the metadata keyword).
# Matches HTTP GET requests from $EXTERNAL_NET to $HTTP_SERVERS on any port whose
# normalized URI contains "/random" (case-insensitive; also the fast pattern). The pcre
# then requires "/random", one or more word characters, a dot, and one of:
# cfc cfm cgi htm html htr wsdl xdl asp axd php3 pl bat swf vbs do.
# The pcre is unanchored: "/random" may sit anywhere in the URI, and the extension is
# matched as a prefix, so ".do" also matches ".docx" and ".asp" also matches ".aspx".
# threshold: matches are counted per destination (track by_dst), so requests from several
# clients to one server add up; an alert fires once 20 matches accumulate within 40 seconds.
# NOTE(review): created_at/updated_at 2010_07_30 disagree with the 2009 "Added" timestamps
# lower on this page - confirm which record is authoritative before relying on either.
# Triage: an alert shows a burst of such requests, not proof of the named tool; check the
# destination's web logs (client address, response codes) before escalating.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; content:"/random"; nocase; http_uri; fast_pattern:only; pcre:"/\x2Frandom\w+?\x2E(?:c(?:f[cm]|gi)|ht(?:ml?|r)|(?:ws|x)dl|a(?:sp|xd)|p(?:hp3|l)|bat|swf|vbs|do)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; classtype:attempted-recon; sid:2009481; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:37 UTC


# ET SCAN sid:2009481 rev:8, as published without the metadata keyword.
# Detection logic: HTTP GET, normalized URI containing "/random" (case-insensitive, fast
# pattern), confirmed by a pcre for "/random" + word characters + "." + a listed extension.
# Unlike the rev:7 entry on this page, the method content is "GET" with no trailing space
# and the filler between "/random" and the dot is \w+? rather than .+?, so path separators
# and other non-word characters in that position no longer match.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; content:"/random"; nocase; http_uri; fast_pattern:only; pcre:"/\x2Frandom\w+?\x2E(?:c(?:f[cm]|gi)|ht(?:ml?|r)|(?:ws|x)dl|a(?:sp|xd)|p(?:hp3|l)|bat|swf|vbs|do)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; classtype:attempted-recon; sid:2009481; rev:8;)

Added 2015-04-06 20:49:38 UTC


# ET SCAN sid:2009481 rev:7. First entry on this page to use the "http" protocol keyword
# with "any" destination port instead of "tcp" with $HTTP_PORTS, to mark "/random" as
# fast_pattern:only, and to write the extension list as a factored non-capturing group.
# NOTE(review): content:"GET " keeps a trailing space while being matched against the
# http_method buffer; the method token presumably never includes that space, so this
# revision may not have fired at all. rev:8 on this page uses "GET" - confirm before
# reusing this revision.
# The pcre filler here is .+? (any characters, lazy) between "/random" and the dot.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET "; http_method; content:"/random"; http_uri; nocase; fast_pattern:only; pcre:"/\x2Frandom.+?\x2E(?:c(?:f[cm]|gi)|ht(?:ml?|r)|(?:ws|x)dl|a(?:sp|xd)|p(?:hp3|l)|bat|swf|vbs|do)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; classtype:attempted-recon; sid:2009481; rev:7;)

Added 2014-09-04 19:14:16 UTC


# ET SCAN sid:2009481 rev:6. TCP rule limited to $HTTP_PORTS on $HTTP_SERVERS.
# Matches method "GET" (http_method buffer) and "/random" in the URI; this revision
# expresses the URI match as content + http_uri where rev:5 used uricontent.
# pcre (/U normalized URI, /i case-insensitive): "/random", at least one character
# (greedy .+), a dot, then one of the listed extensions. No end anchor, so longer
# extensions that begin with a listed one (".aspx", ".docx") also match.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; content:"/random"; nocase; http_uri; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; classtype:attempted-recon; sid:2009481; rev:6;)

Added 2013-12-02 16:57:52 UTC


# ET SCAN sid:2009481 rev:5 (entry added 2011-10-12). Same match options as the other
# rev:5 entries on this page; only the position of classtype relative to the reference
# keywords differs, which is why the rev number is unchanged.
# Logic: method "GET", uricontent "/random" (case-insensitive), then a pcre on the
# normalized URI for "/random" + any characters + "." + a listed extension.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; uricontent:"/random"; nocase; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; classtype:attempted-recon; sid:2009481; rev:5;)

Added 2011-10-12 19:27:28 UTC


# ET SCAN sid:2009481 rev:5 (entry added 2011-09-14). Detection options match the
# 2011-02-04 rev:5 entry on this page; the cvsweb.cgi reference URL is no longer listed.
# Logic: method "GET", uricontent "/random" (case-insensitive), then a pcre on the
# normalized URI for "/random" + any characters + "." + a listed extension.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; uricontent:"/random"; nocase; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; classtype:attempted-recon; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; sid:2009481; rev:5;)

Added 2011-09-14 22:40:50 UTC


# ET SCAN sid:2009481 rev:5 (entry added 2011-02-04). Replaces rev:3's raw-payload
# check content:"GET "; depth:4 with content:"GET" matched against the http_method buffer.
# The URI checks are unchanged from rev:3: uricontent "/random" (case-insensitive) plus
# a pcre on the normalized URI for "/random" + any characters + "." + a listed extension.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET"; http_method; uricontent:"/random"; nocase; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; classtype:attempted-recon; reference:url,www.grendel-scan.com; reference:url,doc.emergingthreats.net/2009481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Grendel; sid:2009481; rev:5;)

Added 2011-02-04 17:28:49 UTC


# ET SCAN sid:2009481 rev:3. Tightens rev:2: the msg text is longer, the method check is
# content:"GET " limited to the first 4 payload bytes, "/random" is matched with
# uricontent, and the pcre now requires "/random" + any characters + "." before the
# extension instead of accepting the bare extension strings anywhere in the URI.
# The extension list is still unanchored at the end (".asp" also matches ".aspx").
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/random"; nocase; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Grendel; sid:2009481; rev:3;)

Added 2010-05-07 14:31:04 UTC


# ET SCAN sid:2009481 rev:3, listed a second time with the same "Added" timestamp; the
# rule text is the same as the preceding rev:3 entry on this page.
# Logic: payload starts with "GET " (depth:4), URI contains "/random" (case-insensitive),
# and the normalized URI matches "/random" + any characters + "." + a listed extension.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/random"; nocase; pcre:"/\x2Frandom.+\x2E(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Grendel; sid:2009481; rev:3;)

Added 2010-05-07 14:31:04 UTC


# ET SCAN sid:2009481 rev:2. Same detection options as rev:1; adds the
# doc.emergingthreats.net and cvsweb.cgi reference URLs.
# Logic: the first 11 payload bytes must be "GET /random" (case-insensitive), so the
# request path has to begin with "/random".
# The pcre is only the bare alternation of extension strings on the normalized URI, with
# no leading dot and no anchors: any URI containing e.g. "do" or "pl" as a substring
# satisfies it, so it adds little beyond the content match and is false-positive prone.
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel Web Scan Detected"; flow:to_server,established; content:"GET /random"; nocase; depth:11; pcre:"/(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Grendel; sid:2009481; rev:2;)

Added 2009-07-01 20:03:01 UTC


# ET SCAN sid:2009481 rev:2, listed a second time with the same "Added" timestamp; the
# rule text is the same as the preceding rev:2 entry on this page.
# Logic: payload begins with "GET /random" (case-insensitive, depth:11) and the normalized
# URI contains any of the listed extension strings anywhere (no dot, no anchors).
# threshold: 20 matches to the same destination within 40 seconds are needed for an alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel Web Scan Detected"; flow:to_server,established; content:"GET /random"; nocase; depth:11; pcre:"/(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Grendel; sid:2009481; rev:2;)

Added 2009-07-01 20:03:01 UTC


# ET SCAN sid:2009481 rev:1, the earliest entry on this page.
# Alerts on established client-to-server TCP traffic from $EXTERNAL_NET to $HTTP_SERVERS
# on $HTTP_PORTS whose payload begins with "GET /random" (case-insensitive, first 11
# bytes) and whose normalized URI contains any of the listed extension strings.
# The pcre has no leading dot and no anchors, so it matches those strings anywhere in the
# URI, not only as a file extension.
# threshold: matches are counted per destination (track by_dst); an alert fires once 20
# matches accumulate within 40 seconds.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Grendel Web Scan Detected"; flow:to_server,established; content:"GET /random"; nocase; depth:11; pcre:"/(html|bat|htm|vbs|do|xdl|htr|swf|wsdl|pl|php3|cfm|cgi|cfc|axd|asp)/Ui"; threshold: type threshold, track by_dst, count 20, seconds 40; reference:url,www.grendel-scan.com; classtype:attempted-recon; sid:2009481; rev:1;)

Added 2009-07-01 10:45:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 