[Snort-sigs] New rule offered for detecting Netgear password recovery

Antonin antonin at ...3874...
Mon Jan 13 15:07:53 EST 2014

Hi mate, 

Thanks for this. 

-- antonin at ...3874... Libfy! 

13 janv. 2014 a écrit :
>I'm offer a new rule for detecting last Netgear password recovery.
>alert tcp any any -> any $HTTP_PORTS (msg:"WEB-CGI Netgear N150
>passwordrecovered.cgi id param possible password recovery attempt";
>flow:to_server,established; content:"POST"; nocase; http_method; 
>content:"/passwordrecovered.cgi?id="; nocase; http_uri;
>classtype:web-application-attack; sid:1; rev:1;)
>Discovered during my new project http://etplc.org
>CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>Learn Why More Businesses Are Choosing CenturyLink Cloud For
>Critical Workloads, Development Environments & Everything In Between.
>Get a Quote or Start a Free Trial Today. 
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140113/0b72dedf/attachment.html>

More information about the Snort-sigs mailing list