[Snort-sigs] SQLi Injection Attempts

Joshua Williams joshuwi2 at ...435...
Mon Oct 24 13:04:17 EDT 2016


Carraig,

Thanks for your submission. I'll review and test this signature and get
back to you when it's finished.

--
Josh Williams
Detection Response Team
TALOS Security Group

On Wed, Oct 19, 2016 at 4:41 PM, Stanwyck, Carraig - ASOC, Kansas City, MO <
Carraig.Stanwyck at ...4154...> wrote:

> Good Evening,
>
> We saw a surge in injection attempts using UAs with “testitest” in them.
> “testitest (test at ...4187...)” and “testitest (test at ...4188...)”
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLACKLIST User
> Agent (SQLi Injection / Scanning)"; flow:established,to_server;
> content:"testitest"; http_header; fast_pattern; reference:url,
> en.wikipedia.org/wiki/SQL_injection; classtype:web-application-attack;
> sid:123456789; rev:1;)
>
> *Carraig Stanwyck*
>
> USDA | OCIO | ASOC
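An added example, not part of the original post and not Snort code: a simplified Python model of a case-sensitive "testitest" match over all request headers, as in the quoted rule's `content` with `http_header`, compared with a case-insensitive check limited to the User-Agent value. The function names and the sample requests are assumptions constructed for illustration, and Snort's header normalization is not modelled.

```python
# Added example: a simplified model of header matching, not Snort's engine.
# All requests below are constructed samples, not captured traffic.
NEEDLE = "testitest"  # string from the rule quoted in the message

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the head of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # [1:] skips the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def match_any_header(raw: bytes, needle: str = NEEDLE) -> bool:
    """Case-sensitive substring match over every header line."""
    return any(needle in f"{n}: {v}" for n, v in parse_headers(raw))

def match_user_agent(raw: bytes, needle: str = NEEDLE) -> bool:
    """Case-insensitive substring match limited to the User-Agent value."""
    return any(n.lower() == "user-agent" and needle.lower() in v.lower()
               for n, v in parse_headers(raw))

def request(ua: str, extra: str = "") -> bytes:
    """Build a constructed GET request with the given User-Agent."""
    return (f"GET /item?id=1 HTTP/1.1\r\nHost: www.example.invalid\r\n"
            f"User-Agent: {ua}\r\n{extra}\r\n").encode("latin-1")

SAMPLES = {
    "scanner": request("testitest (constructed-sample)"),
    "mixed_case": request("TestITest (constructed-sample)"),
    "referer_only": request("Mozilla/5.0",
                            "Referer: http://www.example.invalid/testitest\r\n"),
    "benign": request("Mozilla/5.0"),
}

def compare() -> dict[str, tuple[bool, bool]]:
    """Map sample name -> (any-header hit, User-Agent-scoped hit)."""
    return {k: (match_any_header(v), match_user_agent(v))
            for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in compare().items():
        print(f"{name:13} any_header={hits[0]!s:5} user_agent={hits[1]}")
```

The `mixed_case` and `referer_only` samples are the two places where the header-wide match and the User-Agent-scoped match disagree.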

