alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT MikroTik? RouterOS? Chimay Red Remote Code Execution Probe"; flow:to_server,established; content:"POST"; http_method; urilen:8; content:"/jsproxy"; http_uri; fast_pattern; content:"Content-Length|3a 20|"; http_header; depth:16; metadata: former_category EXPLOIT; reference:url,; reference:url,; classtype:attempted-admin; sid:2025426; rev:2; metadata:attack_target Networking_Equipment, deployment Perimeter, signature_severity Minor, created_at 2018_03_13, performance_impact Moderate, updated_at 2018_03_13;)

Added 2018-03-13 17:08:43 UTC

Topic revision: r1 - 2018-03-13 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats