[Snort-sigs] Avoidance of 2230.5 (WEB-MISC NetGear router default password login attempt admin/password)

Brian bmc at ...95...
Tue Jul 6 08:03:01 EDT 2004


On Fri, Jul 02, 2004 at 11:30:00PM -0600, nnposter at ...592... wrote:
> I am proposing to convert the authentication clause to PCRE:
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS 
> (msg:"WEB-MISC NetGear router default password login attempt admin/password"; 
> flow:to_server,established; content:"YWRtaW46cGFzc3dvcmQ"; 
> pcre:"/^Authorization\x3a\s*Basic +(?-i)YWRtaW46cGFzc3dvcmQ/mi"; 
> reference:nessus,11737; classtype:default-login-attempt; sid:2230; rev:6;)

yep.




More information about the Snort-sigs mailing list