EmergingThreats> Main Web>2004115 (2008-01-21, MattJonkman) EditAttach

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; reference:url,doc.emergingthreats.net/2004115; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_IIS_Auth_Bypass; sid:2004115; rev:5;)

Added 2009-02-16 21:30:25 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; reference:url,doc.emergingthreats.net/2004115; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_IIS_Auth_Bypass; sid:2004115; rev:5;)

Added 2009-02-16 21:30:25 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:4;)

Added 2008-05-18 19:52:12 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:4;)

Added 2008-05-18 19:52:12 UTC

alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:3;)

Added 2008-01-25 09:49:34 UTC

alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:3;)

Added 2008-01-25 09:49:34 UTC

alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:2;)

Added 2008-01-09 20:38:27 UTC

alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS MS IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:1;)

Added 2007-06-03 11:31:57 UTC

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2008-01-21 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats