alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[WEB-ATTACKS] Skipfish Web Application Scan Detected (2)"; content: "GET"; content: ".old"; content: "User-Agent"; content: "Mozilla/5.0 SF/"; parse_src_ip: 1; parse_dst_ip: 2; reference:url,isc.sans.org/diary.html?storyid=8467; reference:url,code.google.com/p/skipfish/; reference:url,doc.emergingthreats.net/2010956; flowbits: set, recon, 86400; classtype:attempted-recon; sid:5001815; rev:2;)

-- Main.Sagan-Wiki-Add - 2015-10-21

New revisions of 5001815 will be below...