Recent Changes in Main Web retrieved at 22:40 (GMT)
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access PHP Timeclock Page`; content:`/db.php` classtype: web application attack...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Joomla Page`; content:`/configuration.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Drupal DB Config File`; content:`/sites/default/settings.php` classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Possible SQL Injection`; content:` 3b ` classtype: web application attack; parse src ip:...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access robots.txt File`; content:`robots.txt` classtype: web application attack...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access PHPMyAdmin Changelog Page`; content:`/changelog.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Cacti Login Page`; content:`/include/config.php` classtype: web...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access a Webshell via WordPress`; content:`/wp login.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default WordPress Login Page`; content:`/wp login.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Possible LFI Attempt`; content:`index.php?system ` classtype: web application attack; parse...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS RFI Attempt`; content: `index.php?cmd `; content: `page `; classtype: web application attack...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` YUBIKEY Invalid OTP`; program: yk chkpwd; content: `password check failed for user`; after: track by src,...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL WLAN sequence number out of order sequencing error/EMF interference/rogue AP`; content: `WLAN sequence...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Radio frequency threat detected`; content: `WLAN radio frequency threat detected`; classtype: exploit...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL WLAN firmware image has been updated`; content: `WLAN firmware image has been updated`; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Hardware failure Voltages Out of Tolerance`; content: `Voltages Out of Tolerance`; classtype: hardware...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Virtual Access Point is enabled`; content: `Virtual Access Point is enabled`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Virtual Access Point is disabled`; content: `Virtual Access Point is disabled`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection TCP Xmas Tree dropped`; content: `TCP Xmas Tree dropped`; classtype: network...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL System clock manually updated`; content: `System clock manually updated`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN Flood Mode changed by user`; content: `SYN Flood Mode changed by user to...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN flood ceased or flooding machines blacklisted`; content: `SYN flood ceased...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN Flood blacklisting enabled by user`; content: `SYN Flood blacklisting enabled...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Sub Seven attack dropped`; content: `Sub Seven attack dropped`; classtype:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Striker attack dropped`; content: `Striker attack dropped`; classtype: exploit...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL VPN policy enforced`; content: `VPN enforcement`; classtype: exploit attempt; parse src ip: 1; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Spank attack dropped`; content: `Spank attack multicast packet dropped`; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Source routed IP packet dropped`; content: `Source routed IP packet dropped...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL User name too long`; content: `SonicWALL SSO agent returned user name too long`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SSO agent returned error`; content: `SonicWALL SSO agent returned error`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Domain name too long`; content: `SonicWALL SSO agent returned domain name too long`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SonicWALL SSO agent is up`; content: `SonicWALL SSO agent is up`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SonicWALL SSO agent is down`; content: `SonicWALL SSO agent is down`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall starting up`; content: `SonicWALL initializing`; classtype: system event; parse src ip:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall activated`; content: `SonicWALL activated`; classtype: system event; parse src ip: 1; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Senna Spy attack dropped`; content: `Senna Spy attack dropped`; classtype:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection RST Flood`; content: `RST`; content: `Flooding machine`; classtype: attempted...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection RST Flood Blacklist`; content: `RST Flood Blacklist on IF`; classtype: attempted...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection RIPper attack dropped`; content: `RIPper attack dropped`; classtype: exploit...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall rebooting`; content: `Restarting SonicWALL`; classtype: system event; parse src ip: 1; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Sonicwall License Expired`; content: `SonicWALL`; content: `expired`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Possible recon`; content: `Probing suceeded on`; classtype: successful recon limited...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall Hardware Clock battery has failed`; content: `Real time clock battery failure Time values...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Recon attempt`; content: `Probing suceeded on`; classtype: successful recon limited...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Possible recon attempt`; content: `Probing failure on`; classtype: attempted recon...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable TCP XMAS scan detected`; content: `Probable TCP XMAS scan detected...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable TCP NULL scan detected`; content: `Probable TCP NULL scan detected...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable TCP FIN scan detected`; content: `Probable TCP FIN scan detected`...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable port scan detected`; content: `Probable port scan detected`; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Priority attack dropped`; content: `Priority attack dropped`; classtype: exploit...
RSS feed, ATOM feed, WebNotify, site changes, site map 
Topic revision: r5 - 2006-11-15 - TWikiContributor
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
Statistics
Preferences
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback