Recent Changes in Main Web retrieved at 12:02 (GMT)

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` SYSLOG Authentication failure Brute force 25/1 `; pcre: `/failed to authorize wrong password given repeated...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID Directory traversal attempt`; content: `///`; classtype: web application attack; program: squid (squid...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID `passwd` access attempt`; content: `passwd`; classtype: web application attack; program: squid (squid)...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg: ` SQUID XSS attempt`; content: ``; nocase; content: `alert`; nocase; content: `document.cookie`; nocase; content...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID Directory traversal attempt`; content: `../..`; classtype: web application attack; program: squid (squid...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID @CGIDIRScgiwrap attempt`; content: `@CGIDIRScgiwrap`; classtype: web application activity; program: squid...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID TCP DENIED invalid request`; content: `TCP DENIED`; content: `invalid request`; classtype: suspicious traffic...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID TCP DENIED unsupported request method`; content: `TCP DENIED`; content: `unsupported request method`; classtype...
alert tcp $EXTERNAL NET any $HOME NET 3128 (msg:` SQUID TCP DENIED`; content: `TCP DENIED`; classtype: suspicious traffic; program: squid (squid); reference: url...
alert udp $EXTERNAL NET any $HOME NET $NTP PORT (msg: ` NTP Permission denied error`; content:`permission denied`; program: ntpd initres; classtype: program error...
alert tcp $EXTERNAL NET any $HOME NET $POP3 PORT (msg:` IPOP3D Excessive login failures`; content:`Login excessive login failures`; classtype: misc attack; program...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO SDEE NBT NetBIOS Session Failed Login Brute Force 5/3 `; content: `SID: 5575 ,`; parse src ip:...
alert udp $EXTERNAL NET any $HOME NET $SNMP PORT (msg: ` CISCO SDEE SNMP Community Name Brute Force Attempt`; content: `SID: 4502 ,`; parse src ip: 1; parse dst...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO SDEE TNS Brute Force`; content: `SID: 3721 ,`; parse src ip: 1; parse dst ip: 2; parse port; program...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO SDEE MSSQL sa Account Brute Force`; content: `SID: 3720 ,`; parse src ip: 1; parse dst ip: 2; parse...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO SDEE SMTP AUTH Brute Force Attempt`; content: `SID: 3127 ,`; parse src ip: 1; parse dst ip: 2; parse...
alert syslog any any (msg: ` VSFTPD FTPCHK3 file accessed by user`; content: `ftpchk3`; pcre: `/CHMOD DELE STOR/i`; program: vsftpd; classtype: suspicious traffic...
alert syslog any any (msg: ` PUREFTPD FTPCHK3 file accessed by user`; content: `ftpchk3`; pcre: `/CHMOD DELE STOR/i`; program: pure ftpd; classtype: suspicious...
alert syslog any any (msg: ` FTPD FTPCHK3 file accessed by user`; content: `ftpchk3`; pcre: `/CHMOD DELE STOR/i`; parse src ip: 2; parse dst ip: 1; parse port...
alert tcp $EXTERNAL NET any $HOME NET 1521 (msg: ` ORACLE Brute force authentication failure 5/1 `; content: `RETURNCODE 3a 4 22 1017 22 `; after: track by...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` NGINX Nginx brute force authentication attempt 5/1 `; pcre: `/password mismatch, client was not found in/i...
alert tcp $EXTERNAL NET any $HOME NET $IMAP PORT (msg: ` IMAPD Brute force attack 5/1 `; pcre: `/Login failed user AUTHENTICATE LOGIN failure/i`; classtype:...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP Brute force Attempt 5/1 `; content: `failed to login after`; content: `sshd`; flowbits: set...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` Barracuda Brute force login attempt 5/5 `; content: `FAILED LOGIN`; program: web; parse src ip: 1; reference...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ASTERISK Brute force login session failed invalid extension 5/5 `; content: `No matching peer found`; flowbits...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ASTERISK Brute force login session failed invalid user 5/5 `; content: `Username/auth name mismatch`; flowbits...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ASTERISK Brute force login session failed 5/5 `; content: `Wrong password`; flowbits: set,brute force,...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BLUEDOT Suspicious file hash detected`; content: ` files: `; bluedot: type: file hash, Malicious; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Computer failed to receive Notifier Logo`; content: `Computer failed to receive Notifier Logo`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Exclusive access to a file was blocked because of tamper protection`; content: `Exclusive access to`...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Bit9 Agent detected a problem`; content: `Bit9 Agent detected a problem`; parse src ip: 1; program:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Server detected revocation of certificate`; content: `Server detected revocation of certificate`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 File was identified by Bit9 Software Reputation Service as a potential risk`; content: `Bit9 Software...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Bit9 Agent failed a health check`; content: `Bit9 Agent failed a health check`; parse src ip: 1; program...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Modification of registry was blocked`; content: `of registry`; content: `was blocked because of tamper...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Permission change was blocked`; content: `Permission change on`; content: `was blocked`; content: `Bit...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Bit9 Agent blocked an attempt to delete file`; content: `Bit9 Agent blocked an attempt to delete`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Bit9 Agent blocked an attempt to create file`; content: `Bit9 Agent blocked an attempt to create`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Disk configuration change detected`; content: `Disk configuration change detected`; content: `Bit9 event...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Server discovered new certificate`; content: `Server discovered new certificate`; content: `Bit9 event...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Computer reported that signature on file is invalid`; content: `reported that signature on file`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 File was executed for the first time`; content: `File`; content: `was executed for the first time`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 A new device was mounted`; content: `A new device`; content: `was mounted as drive`; content: `Bit9 event...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BIT9 Non System Filemods to system32`; content: `Carbon Black process watchlist 27 Non System Filemods to...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD BLUEDOT Connection from suspicious source`; program: imapd imapd ssl; content: `Connection,`; bluedot...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD BLUEDOT Disconnect from suspicious source`; program: imapd imapd ssl; content: `DISCONNECTED,`;...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD BLUEDOT Timeout from suspicious source`; program: imapd imapd ssl; content: `TIMEOUT,`; bluedot...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD BLUEDOT Logout from suspicious source`; program: imapd imapd ssl; content: `LOGOUT,`; bluedot: reputation...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD BLUEDOT Login from suspicious source`; program: imapd imapd ssl; content: `LOGIN,`; bluedot: reputation...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE Possible unknown strain ransomware extension or note detected.`; pcre: `/ 4663: 567:...

Topic revision: r5 - 2006-11-15 - TWikiContributor
 
Copyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.