TWiki's Main webThe web for users, groups and offices. TWiki is an Enterprise Collaboration Platform.http://doc.emergingthreats.net/bin/view/MainCopyright 2010 Emerging Threats and Contributing Authors2010-09-06T18:45:32ZHoneywallSampleshttp://doc.emergingthreats.net/bin/view/Main/HoneywallSamples2010-09-06T18:45:32ZHoneywall and Smoothwall Configuration Samples Examples presented at Berkman Center, Harvard Law School, May 16th, 2008 DNS Black Hole for Smoothwall ... (last changed by JamesMcQuaid)JamesMcQuaid2011421http://doc.emergingthreats.net/bin/view/Main/20114212010-09-04T20:53:13Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS FAKEAV redirecting to fake scanner page /?777"; flow:established,to server; uricontent ... (last changed by TWikiGuest)TWikiGuest2011417http://doc.emergingthreats.net/bin/view/Main/20114172010-09-04T20:53:13Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS MALVERTISING Hidden iframe Redirecting to SEO Driveby Site"; flow:established,to client ... (last changed by TWikiGuest)TWikiGuest2011415http://doc.emergingthreats.net/bin/view/Main/20114152010-09-04T20:53:13Zalert tcp $EXTERNAL NET any $HOME NET $HTTP PORTS (msg:"ET WEB SERVER PHP tags in HTTP POST"; flow:established,to server; content:"POST ";nocase; depth:5; content ... (last changed by TWikiGuest)TWikiGuest2011420http://doc.emergingthreats.net/bin/view/Main/20114202010-09-04T20:53:13Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS FAKEAV client requesting image sector.hdd.png"; flow:established,to server; uricontent ... (last changed by TWikiGuest)TWikiGuest2011425http://doc.emergingthreats.net/bin/view/Main/20114252010-09-04T20:53:13Zalert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SERVER Possible Attempt to Create MSSQL SOAP/HTTP Endpoint in URI to Allow for Operating System ... (last changed by TWikiGuest)TWikiGuest2011423http://doc.emergingthreats.net/bin/view/Main/20114232010-09-04T20:53:13Zalert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS Cacti cacti/utilities.php Cross Site Scripting Attempt"; flow:established,to server ... (last changed by TWikiGuest)TWikiGuest2011418http://doc.emergingthreats.net/bin/view/Main/20114182010-09-04T20:53:13Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET WEB CLIENT Trend Micro Internet Security Pro UfPBCtrl.dll ActiveX Control Remote Code Execution Attempt ... (last changed by TWikiGuest)TWikiGuest2011422http://doc.emergingthreats.net/bin/view/Main/20114222010-09-04T20:53:13Zalert udp $EXTERNAL NET any $HOME NET 5060 (msg:"ET CURRENT EVENTS Possible Modified Sipvicious OPTIONS Scan"; content:"OPTIONS "; depth:8; content:"ccxllrlflgig ... (last changed by TWikiGuest)TWikiGuest2011416http://doc.emergingthreats.net/bin/view/Main/20114162010-09-04T20:53:13Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN CRiMEPACK Exploit Pack Binary Load Request Observed"; flow:established,to server; uricontent: ... (last changed by TWikiGuest)TWikiGuest2011419http://doc.emergingthreats.net/bin/view/Main/20114192010-09-04T20:53:13Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS FAKEAV landing page sector.hdd.png no repeat"; flow:established,to client; content: ... (last changed by TWikiGuest)TWikiGuest2011424http://doc.emergingthreats.net/bin/view/Main/20114242010-09-04T20:53:13Zalert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SERVER Possible SQL Injection Using MSSQL sp configure Command"; flow:established,to server; ... (last changed by TWikiGuest)TWikiGuestBrandonPerkinshttp://doc.emergingthreats.net/bin/view/Main/BrandonPerkins2010-09-03T19:55:01ZMy Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ... (last changed by TWikiRegistrationAgent)TWikiRegistrationAgent2007933http://doc.emergingthreats.net/bin/view/Main/20079332010-09-02T16:47:02Zalert tcp $EXTERNAL NET any $HOME NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:" 21 00 21 03 ... (last changed by IanR)IanR2007866http://doc.emergingthreats.net/bin/view/Main/20078662010-09-01T14:46:39Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET POLICY GaduGadu Chat Client Checkin via HTTP"; flow:established,to server; uricontent:"/appsvc/appmsg ... (last changed by TWikiGuest)TWikiGuest2011412http://doc.emergingthreats.net/bin/view/Main/20114122010-08-31T20:04:32Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET WEB CLIENT Apple QuickTime Marshaled pUnk Backdoor Param Arbitrary Code Execution Attempt"; flow:established ... (last changed by TWikiGuest)TWikiGuest