[Snort-sigs] New rule offered for detecting Netgear password recovery

Antonin antonin at ...3874...
Mon Jan 13 15:07:53 EST 2014


Hi mate, 

Thanks for this. 
Useful. 

Libfy 
-- antonin at ...3874... Libfy! 


13 janv. 2014 a écrit :
>Hi,
>
>I'm offer a new rule for detecting last Netgear password recovery.
>
>alert tcp any any -> any $HTTP_PORTS (msg:"WEB-CGI Netgear N150
>passwordrecovered.cgi id param possible password recovery attempt";
>flow:to_server,established; content:"POST"; nocase; http_method; 
>content:"/passwordrecovered.cgi?id="; nocase; http_uri;
>reference:url,www.securityfocus.com/archive/1/530743/30/0/threaded;
>classtype:web-application-attack; sid:1; rev:1;)
>
>Discovered during my new project http://etplc.org
>
>Regards
>@Rmkml
>
>------------------------------------------------------------------------------
>CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>Learn Why More Businesses Are Choosing CenturyLink Cloud For
>Critical Workloads, Development Environments & Everything In Between.
>Get a Quote or Start a Free Trial Today. 
>http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>http://www.snort.org
>
>
>Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140113/0b72dedf/attachment.html>


More information about the Snort-sigs mailing list