alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[WEB-ATTACKS] Tomcat Web Application Manager scanning"; content: "GET"; nocase; content: "/manager/html"; nocase; content: "User-Agent"; content: "Mozilla/3.0"; content: "Indy Library)"; content: "Authorization"; content: "Basic"; parse_src_ip: 1; parse_dst_ip: 2; reference:url,doc.emergingthreats.net/2010019; flowbits: set, recon, 86400; classtype:attempted-recon; sid:5001819; rev:2;)
-- Main.Sagan-Wiki-Add - 2015-10-21 New revisions of 5001819 will be below...
alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[WEB-ATTACKS] Tomcat Web Application Manager scanning"; content: "GET"; nocase; content: "/manager/html"; nocase; content: "User-Agent"; content: "Mozilla/3.0"; content: "Indy Library)"; content: "Authorization"; content: "Basic"; parse_src_ip: 1; parse_dst_ip: 2; reference:url,doc.emergingthreats.net/2010019; xbits: set,recon,track ip_src,expire 86400; default_proto:tcp; default_dst_port: $HTTP_PORT; classtype:attempted-recon; sid:5001819; rev:3;)
-- Main.Sagan-Wiki-Add - 2021-4-12
Edit | Attach | Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback