Snort mailing list archives
Offer a new sig for detecting Netgear Authentication bypass
From: rmkml <rmkml () ligfy org>
Date: Mon, 20 Jun 2016 21:01:01 +0200 (CEST)
Hi,

The http://etplc.org open source project offers a new sig for detecting Netgear Authentication bypass:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Netgear D6000 or D3600 Authentication bypass passrec.asp attempt"; flow:to_server,established; content:"/cgi-bin/passrec.asp"; nocase; http_uri; reference:cve,2015-8289; reference:url,http://www.kb.cert.org/vuls/id/778696; classtype:web-application-attack; sid:1; rev:1;)

See reference for more information.
Don't forget to check variables.
Please send any comments.

Regards
@Rmkml
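A retrospective check to go with the signature, as an added example that is not part of the original post or the ETPLC project: it scans web or proxy access logs for the same URI string the rule matches, case-insensitively and after percent-decoding. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# URI string taken from the rule's content match in the post above.
TARGET = "/cgi-bin/passrec.asp"

# Assumed input: common/combined access log format.
# host ident user [time] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Rough stand-in for URI normalization: percent-decode,
    collapse repeated slashes, lowercase (the rule uses nocase)."""
    decoded = unquote(uri)
    return re.sub(r"/{2,}", "/", decoded).lower()

def find_hits(lines):
    """Return (src, timestamp, raw_uri, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not parseable requests
        if TARGET in normalize(m.group("uri")):
            hits.append((m.group("src"), m.group("ts"),
                         m.group("uri"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jun/2016:21:01:01 +0200] "GET /cgi-bin/passrec.asp HTTP/1.1" 200 512',
    '198.51.100.23 - - [20/Jun/2016:21:02:10 +0200] "GET /CGI-BIN/PassRec.ASP?x=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [20/Jun/2016:21:03:42 +0200] "GET /cgi-bin/%70assrec.asp HTTP/1.0" 404 0',
    '192.0.2.44 - - [20/Jun/2016:21:04:00 +0200] "GET /index.asp HTTP/1.1" 200 1024',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for src, ts, uri, status in find_hits(SAMPLE_LOG):
        # A 200 on this path from an external source deserves a closer look
        # than a 404, since it means the device served the page.
        print(f"{ts}  {src}  {uri}  status={status}")
```
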