# sid 2013416, rev 9: recon signature for GET requests to "//" that carry a fixed header layout
# while the User-Agent does not contain "libwww-perl/".
# - content:"GET //"; depth:6 has no HTTP buffer modifier, so it anchors the start of the raw request; it is also the fast_pattern.
# - The http_header content is 53 bytes with depth:53, so the header buffer must begin with TE, Connection, Host in that order.
#   "User-Agent: " must then start within 100 bytes of that match.
# - content:!"libwww-perl/"; http_user_agent is the negated check: the rule only fires when the UA lacks that string.
# - The http_header_names content is 26 bytes with depth:26, and isdataat:!1,relative forbids trailing data,
#   so the header-name list must be exactly TE, Host, User-Agent.
# - threshold (type threshold, track by_dst, count 10, seconds 20): an alert is raised on every 10th match against the same
#   destination within 20 seconds. Lower-rate probing will not alert, so web-server logs remain the source for that case.
# NOTE(review): the http_header match expects a Connection header between TE and Host, but the http_header_names match
# lists no Connection entry. Confirm against a sample capture how the engine presents Connection in each buffer.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"TE|3a 20|deflate,gzip|3b|q=0.3|0d 0a|Connection|3a 20|TE, close|0d 0a|Host|3a 20|"; http_header; depth:53; content:"User-Agent|3a 20|"; within:100; http_header; content:!"libwww-perl/"; http_user_agent; http_header_names; content:"|0d 0a|TE|0d 0a|Host|0d 0a|User-Agent|0d 0a 0d 0a|"; depth:26; isdataat:!1,relative; threshold:type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; sid:2013416; rev:9; metadata:created_at 2011_08_16, updated_at 2020_02_04;)

Added 2020-02-04 20:21:07 UTC


# sid 2013416, rev 8: same detection idea, written with raw content matches plus a header pcre.
# - "alert http ... any": the destination port is not restricted; the rule applies to traffic the engine handles as HTTP.
# - content:"GET //" (depth:6), the "HTTP/1.1 ... TE ... Connection ... Host: " content and "User-Agent: " (within:100)
#   carry no HTTP buffer modifier, so they are matched on the raw request bytes.
# - content:!"libwww-perl/"; http_header: the header buffer must not contain that string.
# - pcre with /H: anchored ^...$ match on the header buffer, expecting exactly TE, Host, User-Agent lines.
# - threshold: every 10th match per destination within 20 seconds raises an alert.
# NOTE(review): the raw content requires "Connection: TE, close" between TE and Host, but the /H pcre expects Host
# directly after TE. Confirm how the /H buffer represents the Connection header.
# NOTE(review): metadata still carries updated_at 2011_08_16 for this revision.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"HTTP/1.1|0d 0a|TE|3a| deflate,gzip|3b|q=0.3|0d 0a|Connection|3a| TE, close|0d 0a|Host|3a| "; content:"User-Agent|3a| "; within:100; content:!"libwww-perl/"; http_header; pcre:"/^TE\x3a deflate,gzip\x3bq=0\.3\r\nHost\x3a[^\r\n]+\r\nUser-Agent\x3a[^\r\n]+\r\n$/H";threshold:type threshold, track by_dst, count 10,seconds 20; classtype:attempted-recon; sid:2013416; rev:8; metadata:created_at 2011_08_16, updated_at 2011_08_16;)

Added 2018-09-13 19:43:25 UTC


Added 2018-09-13 17:55:47 UTC


# sid 2013416, rev 8 (earlier listing of the same revision): "alert http" form with no port restriction.
# - Raw-payload contents pin the request line "GET //" (depth:6) and the TE / Connection / Host header run,
#   with "User-Agent: " required within 100 bytes after it.
# - content:!"libwww-perl/"; http_header excludes requests whose headers contain that string.
# - The /H pcre requires the header buffer to be exactly TE, Host, User-Agent (anchored with ^ and $).
# - threshold: type threshold, track by_dst, count 10, seconds 20, so one alert per 10 matches to a destination in 20 seconds.
# NOTE(review): the content match includes a Connection header that the pcre does not allow for.
# Verify against a capture that both conditions hold for the same request.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"HTTP/1.1|0d 0a|TE|3a| deflate,gzip|3b|q=0.3|0d 0a|Connection|3a| TE, close|0d 0a|Host|3a| "; content:"User-Agent|3a| "; within:100; content:!"libwww-perl/"; http_header; pcre:"/^TE\x3a deflate,gzip\x3bq=0\.3\r\nHost\x3a[^\r\n]+\r\nUser-Agent\x3a[^\r\n]+\r\n$/H";threshold:type threshold, track by_dst, count 10,seconds 20; classtype:attempted-recon; sid:2013416; rev:8; metadata:created_at 2011_08_16, updated_at 2011_08_16;)

Added 2017-08-07 21:06:43 UTC


# sid 2013416, rev 6: "alert tcp" form limited to $HTTP_PORTS, so HTTP served on ports outside that variable is not inspected.
# - Contents match the raw request: "GET //" at offset 0 (depth:6), then the TE / Connection / Host run,
#   then "User-Agent: " within 100 bytes.
# - content:!"libwww-perl/"; http_header is the negated User-Agent check, applied to the whole header buffer.
# - pcre uses /H and is anchored ^...$ on the header buffer: TE, Host, User-Agent lines only.
# - threshold: every 10th match per destination within 20 seconds raises an alert.
# NOTE(review): the pcre expects Host immediately after TE, while the raw content expects Connection in between.
# Confirm how the /H buffer represents the Connection header.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"HTTP/1.1|0d 0a|TE|3a| deflate,gzip|3b|q=0.3|0d 0a|Connection|3a| TE, close|0d 0a|Host|3a| "; content:"User-Agent|3a| "; within:100; content:!"libwww-perl/"; http_header; pcre:"/^TE\x3a deflate,gzip\x3bq=0\.3\r\nHost\x3a[^\r\n]+\r\nUser-Agent\x3a[^\r\n]+\r\n$/H"; threshold:type threshold, track by_dst, count 10,seconds 20; classtype:attempted-recon; sid:2013416; rev:6;)

Added 2012-04-23 23:04:28 UTC


# sid 2013416, rev 5: "alert tcp" form on $HTTP_PORTS with a pcre evaluated on the raw payload (/m, no HTTP buffer flag).
# - Contents: "GET //" (depth:6), the "HTTP/1.1 / TE / Connection / Host: " run, and "User-Agent: " within 100 bytes.
# - content:!"libwww-perl/"; http_header: the header buffer must not contain that string.
# - threshold: every 10th match per destination within 20 seconds raises an alert.
# NOTE(review): the pcre requires whitespace, then "/HTTP/1.1", then TE followed directly by Host. The content match
# on the same payload requires "HTTP/1.1" followed by TE, Connection, Host. As written these look hard to satisfy
# together; verify against a capture before relying on this revision.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"HTTP/1.1|0d 0a|TE|3a| deflate,gzip|3b|q=0.3|0d 0a|Connection|3a| TE, close|0d 0a|Host|3a| "; content:"User-Agent|3a| "; within:100; content:!"libwww-perl/"; http_header; pcre:"/\s\/HTTP\/1\.1\r\nTE\x3a deflate,gzip\x3bq=0\.3\r\nHost\x3a[^\r\n]+\r\nUser-Agent\x3a[^\r\n]+\r\n\r\n/m"; threshold:type threshold, track by_dst, count 10,seconds 20; classtype:attempted-recon; sid:2013416; rev:5;)

Added 2011-10-12 19:36:48 UTC


# sid 2013416, rev 4: earliest listed form. "alert tcp" on $HTTP_PORTS; classtype precedes threshold in the option list.
# - Contents on the raw request: "GET //" (depth:6), the "HTTP/1.1 / TE / Connection / Host: " run, "User-Agent: " within 100 bytes.
# - content:!"libwww-perl/"; http_header excludes requests whose headers contain that string.
# - pcre runs on the raw payload with /m and ends on the blank line that closes the headers (\r\n\r\n).
# - threshold: type threshold, track by_dst, count 10, seconds 20.
# NOTE(review): the pcre expects "/HTTP/1.1" after whitespace and Host directly after TE, which does not line up with
# the Connection header required by the content match. Confirm with a capture whether this revision can fire.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; content:"GET //"; fast_pattern; depth:6; content:"HTTP/1.1|0d 0a|TE|3a| deflate,gzip|3b|q=0.3|0d 0a|Connection|3a| TE, close|0d 0a|Host|3a| "; content:"User-Agent|3a| "; within:100; content:!"libwww-perl/"; http_header; pcre:"/\s\/HTTP\/1\.1\r\nTE\x3a deflate,gzip\x3bq=0\.3\r\nHost\x3a[^\r\n]+\r\nUser-Agent\x3a[^\r\n]+\r\n\r\n/m"; classtype:attempted-recon; threshold:type threshold, track by_dst, count 10,seconds 20; sid:2013416; rev:4;)

Added 2011-08-16 21:06:24 UTC


Topic revision: r1 - 2020-02-05 - TWikiGuest
 