[Snort-sigs] New rule offered for detecting Netgear password recovery

rmkml rmkml at ...174...
Mon Jan 13 15:38:57 EST 2014


Hi,

I'm offer a new rule for detecting last Netgear password recovery.

alert tcp any any -> any $HTTP_PORTS (msg:"WEB-CGI Netgear N150 passwordrecovered.cgi id param possible password recovery attempt"; flow:to_server,established; content:"POST"; nocase; http_method; 
content:"/passwordrecovered.cgi?id="; nocase; http_uri; reference:url,www.securityfocus.com/archive/1/530743/30/0/threaded; classtype:web-application-attack; sid:1; rev:1;)

Discovered during my new project http://etplc.org

Regards
@Rmkml




More information about the Snort-sigs mailing list