[Snort-sigs] WEB-MISC backup access

yew chuan Ong yewchuan_23 at ...144...
Mon Aug 20 02:51:34 EDT 2012


Appreciate if anyone would like to share the intention of this sig - WEB-MISC backup access. The keyword is pretty weak, and it is disable by default.

# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC backup access"; flow:to_server,established; content:"/backup"; nocase; http_uri; classtype:attempted-recon; sid:1213; rev:9;)


Yew Chuan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120819/ad15eb1f/attachment.html>

More information about the Snort-sigs mailing list