alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Possible DotDotPwn? HTTP Server Directory Traversal Scan"; flow:established,to_server; content:"|0D 0A|User-Agent|3A| HTTP|3A 3A|Lite/"; threshold: type threshold, track by_src, count 10, seconds 30; classtype:attempted-recon; reference:url,www.darknet.org.uk/2010/08/dotdotpwn-v1-0-directory-traversal-checkerscanning-tool/; reference:url,chr1x.sectester.net/toolz/ddpwn/README.txt; reference:url,doc.emergingthreats.net/2011404; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_dotdotpwn; sid:2011404; rev:2;)

Added 2010-08-31 16:04:32 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Possible DotDotPwn? HTTP Server Directory Traversal Scan"; flow:established,to_server; content:"|0D 0A|User-Agent|3A| HTTP|3A 3A|Lite/"; threshold: type threshold, track by_src, count 10, seconds 30; classtype:attempted-recon; reference:url,www.darknet.org.uk/2010/08/dotdotpwn-v1-0-directory-traversal-checkerscanning-tool/; reference:url,chr1x.sectester.net/toolz/ddpwn/README.txt; reference:url,doc.emergingthreats.net/2011404; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_dotdotpwn; sid:2011404; rev:2;)

Added 2010-08-31 16:04:32 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Possible DotDotPwn? HTTP Server Directory Traversal Scan"; flow:established,to_server; content:"|0D 0A|User-Agent|3A| HTTP|3A 3A|Lite/"; threshold: type threshold, track by_src, count 10, seconds 30; classtype:attempted-recon; reference:url,www.darknet.org.uk/2010/08/dotdotpwn-v1-0-directory-traversal-checkerscanning-tool/; reference:url,chr1x.sectester.net/toolz/ddpwn/README.txt; sid:2011404; rev:1;)

Added 2010-08-27 15:01:37 UTC


Topic revision: r1 - 2010-08-31 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats