Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Synology Diskstation Manager Reflected XSS sig

From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 06 Mar 2014 08:34:37 -0700
Should explain the annoying uptick of port 5000 firewall hits:

alert tcp $EXTERNAL_NET any -> $HOME_NET 5000 (msg:"SERVER-WEBAPP 
Synology DiskStation Manager Reflected XSS attempt"; 
flow:to_server,established; content:"/webman/info.cgi|3f|host="; 
fast_pattern:only; http_uri; metadata:policy balanced-ips drop, policy 
connectivity-ips drop, policy security-ips drop, 
reference:url,www.scip.ch/en/?vuldb.10255; classtype:attempted-admin; 
sid:10000130; rev:1;)

James

------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works. 
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: