[Snort-sigs] WEB-MISC backup access
jesler at ...435...
Mon Aug 20 09:38:34 EDT 2012
On Aug 20, 2012, at 2:51 AM, yew chuan Ong <yewchuan_23 at ...144...> wrote:
> Appreciate if anyone would like to share the intention of this sig - WEB-MISC backup access. The keyword is pretty weak, and it is disable by default.
> # alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC backup access"; flow:to_server,established; content:"/backup"; nocase; http_uri; classtype:attempted-recon; sid:1213; rev:9;)
It looks for a simple access to the URI /backup on any of your webservers. This is a generic sig, and, as you mentioned, is not on in the default policy. (It's actually not in any policies).
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs