Recent Changes in Main Web retrieved at 10:12 (GMT)
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Duplicate IP address assigned to controller`; program: snmptrapd; content: ` SWITCH DETECTED DUPLICATE...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station blacklisted`; program: snmptrapd; content: ` STATION BLACKLISTED 28 `; classtype: suspicious...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station association failure`; program: snmptrapd; content: ` STATION ASSOCIATE FAIL 28 `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station authentication failure`; program: snmptrapd; content: ` STATION AUTHENTICATION FAIL...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Internal low temperature detected!`; program: snmptrapd; content: ` SENSED TEMPERATURE LOW...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Internal high temperature detected!`; program: snmptrapd; content: ` SENSED TEMPERATURE HIGH...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP has been removed`; program: snmptrapd; content: ` ROGUE AP REMOVED 28 `; classtype: suspicious...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP on the network!`; program: snmptrapd; content: ` ROGUE AP ON NETWORK 28 `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP or ADHOC detected`; program: snmptrapd; content: ` ROGUE AP DETECTED 28 `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Authentication failure by local management user/MAC `; program: snmptrapd; content: ` BSN AUTHENTICATION...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME SNMP Authentication failure`; program: snmptrapd; content: ` AUTHENTICATION FAILURE 28 `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP detected exceed theshold`; program: snmptrapd; content: ` AP MAX ROGUE COUNT EXCEEDED...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP detect and contained`; program: snmptrapd; content: ` AP CONTAINED AS ROGUE 28 `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME BIG NAV DOS Attack`; program: snmptrapd; content: ` AP BIG NAV DOS ATTACK 28 `; classtype: attempted...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE RASWMI Malware process detected`; pcre: `/ 4688: 592: /`; content: ` 3a \Windows\system...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS EMET EMET process stopped, but not due to reboot`; pcre: `/ 4689: 593: /` ; content: `EMET Agent...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` ARTILLERY SSH brute force violation`; content: `SSH brute forcing violations`; classtype: unsuccessful user...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ARTILLERY Honeyport attack detected`; content: `detected an attack`; content: `honeypot`; parse src ip: 1;...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ARTILLERY Honeyport blocked/blacklisted address`; content: `honeypot restricted port`; content: `blocked`;...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` ARTILLERY FTP brute force violation`; content: `FTP brute forcing`; flowbits: set,brute force,86400; classtype...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg: ` BRO SSH Login By Password Guesser`; content: `SSH 3a 3a Login By Password Guesser`; program: bro; parse...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` BRO SSH Password Guessing 0/5 `; content: `SSH 3a 3a Password Guessing`; program: bro; classtype: misc...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO GEOIP FTP file transfer from outside HOME COUNTRY`; program: %ASA 6 303002; country code: track by dst...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO GEOIP FTP file transfer from outside HOME COUNTRY`; program: %ASA 6 303002; country code: track by src...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP Logon attempt using explicit credentials at suspicious time`; pcre: `/ 552: 4648: /`; content...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP RDP / Logon type 10 at suspicious time`; pcre: `/ 528: 4624: /`; content: `Logon Type 3a...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS GEOIP Windows Logon at suspicious time`; pcre: `/ 540: 4624: /`; classtype: successful user; program...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via keyboard at suspicious time`; content: `Accepted keyboard interactive...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via publickey at suspicious time`; content: `Accepted publickey`; classtype...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via password at suspicious time`; content: `Accepted password`; classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` RIVERBED Administrator Login Failure Brute Force 5/5 `; content: `password is not recognized`; parse...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` JUNIPER VPN Login failed Brute Force 10/5 `; program: Juniper; pcre: `/ Login failed authentication...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP Logon attempt using explicit credentials from outside HOME COUNTRY`; pcre: `/ 552: 4648: /`;...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP RDP / Logon type 10 from outside HOME COUNTRY `; pcre: `/ 528: 4624: /`; content: `Logon Type...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious Tool Event`; pcre: `/ 4688: 592: /`; pcre: `/win32dd.exe win64dd.exe cachedump...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious application crash`; content: ` 4097 3a `; pcre: `/Adobe Microsoft Office Java...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Incorrect path called for explorer.exe`; pcre: `/ 4688: 592: /`; content: `\explorer.exe...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Incorrect path called for svchost.exe`; pcre: `/ 4688: 592: /`; content: `\svchost.exe`...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious misspelled process`; pcre: `/ 4688: 592: /`; pcre: `/(scvhost svcdost scvdost...
alert tcp $HOME NET any $EXTERNAL NET 23 (msg: ` NFCAPD Telnet Traffic Detected via PUSH/ACK 5/5 `; program: nfcapd; normalize: nfcapd; content: `/23, protocol...
alert tcp $HOME NET any $EXTERNAL NET 22 (msg: ` NFCAPD PUSH/ACK Traffic Detected 5/5 `; program: nfcapd; normalize: nfcapd; content: `/22, protocol 3a TCP,...
alert tcp $HOME NET any $EXTERNAL NET 7000 (msg: ` NFCAPD Possible IRC Port 7000 5/5 `; program: nfcapd; normalize: nfcapd; content: `/7000, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6999 (msg: ` NFCAPD Possible IRC Port 6669 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6669, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6998 (msg: ` NFCAPD Possible IRC Port 6668 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6668, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6666 (msg: ` NFCAPD Possible IRC Port 6666 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6666, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6665 (msg: ` NFCAPD Possible IRC Port 6665 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6665, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6664 (msg: ` NFCAPD Possible IRC Port 6664 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6664, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6663 (msg: ` NFCAPD Possible IRC Port 6663 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6663, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6662 (msg: ` NFCAPD Possible IRC Port 6662 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6662, protocol 3a TCP...
alert tcp $HOME NET any $EXTERNAL NET 6661 (msg: ` NFCAPD Possible IRC Port 6661 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6661, protocol 3a TCP...
RSS feed, ATOM feed, WebNotify, site changes, site map 
Topic revision: r5 - 2006-11-15 - TWikiContributor
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
Statistics
Preferences
Copyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback