Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Offer a new sig for detecting Netgear Authentication bypass

From: rmkml <rmkml () ligfy org>
Date: Mon, 20 Jun 2016 21:01:01 +0200 (CEST)
Hi,

The http://etplc.org open source project offer a new sig for detecting Netgear Authentication bypass:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Netgear D6000 or D3600 Authentication bypass 
passrec.asp attempt";
flow:to_server,established; content:"/cgi-bin/passrec.asp"; nocase; http_uri; reference:cve,2015-8289;
reference:url,http://www.kb.cert.org/vuls/id/778696; classtype:web-application-attack; sid:1; rev:1;)

See reference for more information.

Don't forget check variables.

Please send any comments.

Regards
@Rmkml


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: