# sid 2010494, newest revision on this page (added 2014-12-04): repeated MySQL login failures,
# seen from the server side. Applies to packets from $HOME_NET port 3306 to $EXTERNAL_NET on an
# established flow (flow:from_server).
# dsize:<251 and byte_test:1,<,0xfb,0 limit the match to small packets; byte 0 is presumably the
#   low byte of the MySQL packet-length header - confirm against the protocol documentation.
# content |ff 15 04 23| + |32 38 30 30 30|: 0xff error marker, 0x0415 little-endian = 1045, '#',
#   then SQLSTATE "28000" (access denied). This revision does not match the English message text.
# threshold: type threshold, count 5, seconds 120 -> one alert per 5 matches inside 120 seconds.
# NOTE(review): offset:4 has no paired depth, so the pattern may match anywhere from byte 4 on,
#   not only directly after the 4-byte packet header.
# NOTE(review): track by_src keys on the source of the matched packet, which is the server here;
#   failures from many clients of one server are counted together, and the client is the alert's
#   destination address.
# NOTE(review): the rule inspects cleartext payload; TLS-wrapped sessions presumably never match.
# NOTE(review): "MySQL?" in msg looks like a wiki rendering artifact, and rev is still 3 although
#   the options differ from the 2011 rev:3 entries on this page - verify against the shipped rule file.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; dsize:<251; byte_test:1,<,0xfb,0,little; content:"|ff 15 04 23 32 38 30 30 30|"; offset:4; threshold: type threshold, track by_src, count 5, seconds 120; reference:url,doc.emergingthreats.net/2010494; classtype:attempted-recon; sid:2010494; rev:3;)

Added 2014-12-04 18:40:20 UTC


# sid 2010494 rev:3 as added 2011-10-12: text-based match on the MySQL access-denied error sent
# by a server in $HOME_NET (port 3306) to $EXTERNAL_NET on an established flow.
# content |15 04| with depth:64: 0x0415 little-endian = error 1045, within the first 64 payload bytes.
# content "28000Access denied for user " carries fast_pattern:only, so it is used only by the
#   fast-pattern prefilter and has no position constraint; "using password: " is also unanchored.
# threshold: type threshold, count 5, seconds 120 -> one alert per 5 matches inside 120 seconds.
# NOTE(review): depends on the English error text; a server with localized messages would
#   presumably not match - confirm.
# NOTE(review): track by_src keys on the server (source of these from_server packets), so the
#   count aggregates all clients of that server rather than one client's attempts.
# NOTE(review): "MySQL?" in msg looks like a wiki rendering artifact - verify before reuse.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; fast_pattern:only; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; reference:url,doc.emergingthreats.net/2010494; classtype:attempted-recon; sid:2010494; rev:3;)

Added 2011-10-12 19:29:54 UTC


# sid 2010494 rev:3 as added 2011-09-14: MySQL access-denied responses from $HOME_NET port 3306
# to $EXTERNAL_NET. Same detection options as the 2011-10-12 entry on this page; only the order
# of classtype and reference differs.
# Matches |15 04| (error 1045, little-endian) in the first 64 bytes, plus the unanchored strings
#   "28000Access denied for user " (fast_pattern:only) and "using password: ".
# NOTE(review): English-text dependent, and track by_src counts per server, not per client.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; fast_pattern:only; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010494; sid:2010494; rev:3;)

Added 2011-09-14 22:43:06 UTC


# sid 2010494 rev:3 as added 2011-02-04: MySQL access-denied responses from $HOME_NET port 3306
# to $EXTERNAL_NET. Detection options equal the later 2011 entries on this page; this one also
# carries a second reference (the cvsweb URL).
# Matches |15 04| (error 1045, little-endian) in the first 64 bytes, plus the unanchored strings
#   "28000Access denied for user " (fast_pattern:only) and "using password: ".
# NOTE(review): English-text dependent, and track by_src counts per server, not per client.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; fast_pattern:only; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010494; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Mysql; sid:2010494; rev:3;)

Added 2011-02-04 17:30:03 UTC


# sid 2010494 rev:2 (added 2009-12-16): MySQL access-denied responses from $HOME_NET port 3306
# to $EXTERNAL_NET on an established flow.
# content |15 04| with depth:64: error 1045 (little-endian) within the first 64 payload bytes.
# distance:0 ties "28000Access denied for user " to the previous match: it must begin at or after
#   the end of |15 04|. "using password: " has no relative modifier and may match anywhere.
# threshold: type threshold, count 5, seconds 120 -> one alert per 5 matches inside 120 seconds.
# NOTE(review): English-text dependent, and track by_src counts per server, not per client.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; distance:0; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010494; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Mysql; sid:2010494; rev:2;)

Added 2009-12-16 09:00:48 UTC


# sid 2010494 rev:2 (added 2009-12-16): duplicate history entry; the rule text and timestamp
# are the same as the other rev:2 entry on this page.
# Matches |15 04| (error 1045, little-endian) in the first 64 bytes, then "28000Access denied for
#   user " at or after that match (distance:0), plus an unanchored "using password: ".
# NOTE(review): English-text dependent, and track by_src counts per server, not per client.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; distance:0; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2010494; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Mysql; sid:2010494; rev:2;)

Added 2009-12-16 09:00:48 UTC


# sid 2010494 rev:1 (added 2009-12-15): first listed version; it has no reference options.
# Matches |15 04| (error 1045, little-endian) in the first 64 bytes of a server response from
#   $HOME_NET port 3306, then "28000Access denied for user " at or after that match (distance:0),
#   plus an unanchored "using password: ".
# threshold: type threshold, count 5, seconds 120 -> one alert per 5 matches inside 120 seconds.
# NOTE(review): English-text dependent, and track by_src counts per server, not per client.
alert tcp $HOME_NET 3306 -> $EXTERNAL_NET any (msg:"ET SCAN Multiple MySQL? Login Failures, Possible Brute Force Attempt"; flow:from_server,established; content:"|15 04|"; depth:64; content:"|32 38 30 30 30|Access denied for user|20|"; distance:0; content:"using password|3A 20|"; threshold: type threshold, track by_src, count 5, seconds 120; classtype:attempted-recon; sid:2010494; rev:1;)

Added 2009-12-15 12:21:29 UTC

