Snort mailing list archives
New rule offered for detecting Netgear password recovery
From: rmkml <rmkml () yahoo fr>
Date: Mon, 13 Jan 2014 21:38:57 +0100 (CET)
Hi, I'm offer a new rule for detecting last Netgear password recovery. alert tcp any any -> any $HTTP_PORTS (msg:"WEB-CGI Netgear N150 passwordrecovered.cgi id param possible password recovery attempt"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/passwordrecovered.cgi?id="; nocase; http_uri; reference:url,www.securityfocus.com/archive/1/530743/30/0/threaded; classtype:web-application-attack; sid:1; rev:1;) Discovered during my new project http://etplc.org Regards @Rmkml ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- New rule offered for detecting Netgear password recovery rmkml (Jan 13)
- Re: New rule offered for detecting Netgear password recovery Antonin (Jan 13)