alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"User|2D|Agent|3A|"; http_header; content:"security"; http_header; nocase; content:"scan"; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3A[^\n]+security[^\n]+scan/Hmi"; reference:url,doc.emergingthreats.net/2010089; classtype:attempted-recon; sid:2010089; rev:7;)

Added 2011-10-12 19:28:56 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"User|2D|Agent|3A|"; http_header; content:"security"; http_header; nocase; content:"scan"; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3A[^\n]+security[^\n]+scan/Hmi"; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010089; sid:2010089; rev:7;)

Added 2011-09-14 22:42:13 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"User|2D|Agent|3A|"; http_header; content:"security"; http_header; nocase; content:"scan"; http_header; fast_pattern:only; nocase; pcre:"/^User-Agent\x3A[^\n]+security[^\n]+scan/Hmi"; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010089; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_UA; sid:2010089; rev:7;)

Added 2011-02-04 17:29:33 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"|0d 0a|User|2D|Agent|3A|"; content:"security"; nocase; within:200; content:"scan"; nocase; distance:0; pcre:"/User-Agent\x3A[^\n]+security[^\n]+scan/i"; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010089; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_UA; sid:2010089; rev:2;)

Added 2009-10-13 18:15:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"|0d 0a|User|2D|Agent|3A|"; content:"security"; nocase; within:200; content:"scan"; nocase; distance:0; pcre:"/User-Agent\x3A[^\n]+security[^\n]+scan/i"; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010089; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_UA; sid:2010089; rev:2;)

Added 2009-10-13 18:15:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan"; flow:established,to_server; content:"|0d 0a|User|2D|Agent|3A|"; content:"security"; nocase; within:200; content:"scan"; nocase; distance:0; pcre:"/User-Agent\x3A[^\n]+security[^\n]+scan/i"; classtype:attempted-recon; sid:2010089; rev:1;)

Added 2009-10-12 23:45:38 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats