Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Offer a new sig for detecting TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock

From: rmkml <rmkml () ligfy org>
Date: Sun, 23 Oct 2016 00:53:17 +0200 (CEST)
Hi,

The http://etplc.org open source project offer a new sig for detecting TrendMicro Interscan Web Security Virtual 
Appliance User-Agent ShellShock:

alert tcp $EXTERNAL_NET any -> $HOME_NET 1812 (msg:"WEB-MISC TrendMicro Interscan Web Security Virtual Appliance 
User-Agent ShellShock attempt";
flow:to_server,established; content:"User-Agent|3A 20 28 29 20 7b|"; nocase; content:"/cgiCmdNotify"; nocase; 
reference:cve,2014-6271;
reference:url,www.myhackerhouse.com/trendmicro-cve-2014-6271/; classtype:misc-attack; sid:1; rev:1;)

See reference for more information.

Don't forget check variables.

Please send any comments.

Regards
@Rmkml

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: