Snort mailing list archives

New rule offered for detecting Netgear password recovery


From: rmkml <rmkml () yahoo fr>
Date: Mon, 13 Jan 2014 21:38:57 +0100 (CET)

Hi,

I'm offering a new rule for detecting the latest Netgear password recovery.

alert tcp any any -> any $HTTP_PORTS (msg:"WEB-CGI Netgear N150 passwordrecovered.cgi id param possible password recovery attempt"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/passwordrecovered.cgi?id="; nocase; http_uri; reference:url,www.securityfocus.com/archive/1/530743/30/0/threaded; classtype:web-application-attack; sid:1; rev:1;)

Discovered during my new project http://etplc.org

Regards
@Rmkml

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
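
An added example, not part of the original post: a Python sketch of the matching logic in the rule above, useful for checking which requests the two content options accept before deploying the signature. The URI normalization is only an approximation of Snort's http_uri buffer, flow state is not modeled, and all helper names and sample requests are constructed here.

```python
import re
from urllib.parse import unquote

# The rule's two content matches; both carry "nocase".
METHOD_NEEDLE = "post"                        # content:"POST"; http_method;
URI_NEEDLE = "/passwordrecovered.cgi?id="     # content:...; http_uri;

def parse_request_line(raw: bytes):
    """Return (method, uri) from the first line of an HTTP request, or None."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[0], parts[1]

def normalize_uri(uri: str) -> str:
    """Approximation (assumption) of a normalized URI buffer:
    percent-decode once and collapse repeated slashes in the path."""
    path, sep, query = uri.partition("?")
    path = re.sub(r"/{2,}", "/", unquote(path, encoding="latin-1"))
    return path + sep + unquote(query, encoding="latin-1")

def rule_matches(raw: bytes) -> bool:
    """True when the request satisfies both content options of the rule."""
    parsed = parse_request_line(raw)
    if parsed is None:
        return False
    method, uri = parsed
    return (METHOD_NEEDLE in method.lower()
            and URI_NEEDLE in normalize_uri(uri).lower())

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "post_with_id": b"POST /passwordrecovered.cgi?id=0 HTTP/1.1\r\nHost: router\r\n\r\n",
    "mixed_case":   b"post /PasswordRecovered.CGI?ID=0 HTTP/1.1\r\nHost: router\r\n\r\n",
    "encoded_dot":  b"POST /passwordrecovered%2Ecgi?id=0 HTTP/1.1\r\nHost: router\r\n\r\n",
    "get_request":  b"GET /passwordrecovered.cgi?id=0 HTTP/1.1\r\nHost: router\r\n\r\n",
    "no_id_param":  b"POST /passwordrecovered.cgi HTTP/1.1\r\nHost: router\r\n\r\n",
    "other_page":   b"POST /index.htm?id=0 HTTP/1.1\r\nHost: router\r\n\r\n",
}

def evaluate_samples() -> dict:
    """Map each sample name to whether the rule logic fires on it."""
    return {name: rule_matches(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:14} {'ALERT' if hit else 'no match'}")
```

The GET sample does not fire because the rule requires POST in the method buffer, so a deployment that also needs to see GET requests to this URI would need a separate signature.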