Recent Changes in Main Web retrieved at 18:38 (GMT)

alert tcp $HOME NET any $EXTERNAL NET 6697 (msg: ` NFCAPD Possible IRC detected 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6697, protocol 3a TCP,...
alert tcp $HOME NET any $EXTERNAL NET 6667 (msg: ` NFCAPD Possible IRC detected 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6667, protocol 3a TCP,...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Account locked out (ADMINISTRATOR)`; pcre: `/ 644: 4740: /`; content: `administrator`; nocase...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` CISCO ACS Failed Login Attempt Brute force CisACS 5/5 `; program: CisACS 02 FailedAuth; parse src ip:...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` FATPIPE Login Failed Brute Force 5/5 `; content: `Login 3a Attempt Failed`; classtype: unsuccessful...
drop tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH SYSLOG Authentication failure Brute force 5/5 `; content: `ssh 3a failed login attempt`; flowbits...
alert udp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Black POS Malware Detected 5/5 `; pcre: `/ 4657: 567: 4688: 592: /`; content: `POSWDS...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` LINUX KERNEL I/O error`; content: `I/O error, dev`; classtype: hardware event; reference: url,wiki.quadrantsec...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User account re enabled`; pcre: `/ 626: 4722: /`; content:! `$` ;program: Security ; flowbits...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User account created FLOWBIT SET `; pcre: `/ 624: 4720: /`; program: Security ; classtype:...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` SSH TECTIA SERVER Authentication Failure Brute force 5/5 `; content: `Login failure`; classtype: unsuccessful...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH GEOIP Authentication success via keyboard from outside HOME COUNTRY`; content: `Accepted keyboard...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH GEOIP Authentication success via publickey from outside HOME COUNTRY`; content: `Accepted publickey...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH GEOIP Authentication success via password from outside HOME COUNTRY`; content: `Accepted password...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS GEOIP Windows Logon outside of HOME COUNTRY`; pcre: `/ 540: 4624: /`; classtype: successful user...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO GEOIP VPN Login from outside HOME COUNTRY`; program: %ASA 6 716038; country code: track by src...
alert tcp $HOME NET any $EXTERNAL NET 13620 (msg: ` NFCAPD MALWARE Netflow Old ZeroAccess TCP port 13620 detected 5/5 `; program: nfcapd; normalize: nfcapd...
alert udp $HOME NET any $EXTERNAL NET 16471 (msg: ` NFCAPD MALWARE Netflow ZeroAccess UDP port 16471 detected 5/5 `; program: nfcapd; normalize: nfcapd; content...
alert udp $HOME NET any $EXTERNAL NET 16470 (msg: ` NFCAPD Netflow ZeroAccess UDP port 16470 detected 5/5 `; program: nfcapd; normalize: nfcapd; content: `...
alert udp $HOME NET any $EXTERNAL NET 16465 (msg: ` NFCAPD MALWARE Netflow ZeroAccess UDP port 16465 detected 5/5 `; program: nfcapd; normalize: nfcapd; content...
alert udp $HOME NET any $EXTERNAL NET 16464 (msg: ` NFCAPD MALWARE Netflow ZeroAccess UDP port 16464 detected 5/5 `; program: nfcapd; normalize: nfcapd; content...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Nmap Scripting Engine User Agent Detected (Nmap Scripting Engine)`; content: `User Agent`...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Nmap Scripting Engine User Agent Detected (Nmap NSE)`; content: `User Agent`; content: `Nmap...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x31 Incorrect sequence number in message 25/1 `; pcre...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x26 Incorrect net address 25/1 `; pcre: `/ 675:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x24 Ticket and authenticator don`t match 25/1 `; pcre...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x22 Request is a replay 25/1 `; pcre: `/ 675:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x18 Pre authentication information was invalid...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0xC KDC policy rejects request 25/1 `; pcre: `/...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows DC Logon Failure Brute force 0x6 Client not found in Kerberos database 25/1 `; pcre...
alert udp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE ZeroAccess Malware Detected 5/5 `; content: `16471`; pcre: `/ 861: 5154: 5155: /`; threshold...
alert udp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE ZeroAccess Malware Detected 5/5 `; content: `16470`; pcre: `/ 861: 5154: 5155: /`; threshold...
alert udp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE ZeroAccess Malware Detected 5/5 `; content: `16465`; pcre: `/ 861: 5154: 5155: /`; threshold...
alert udp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE ZeroAccess Malware Detected 5/5 `; content: `16464`; pcre: `/ 861: 5154: 5155: /`; threshold...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows Brute force User Login Attempts Outside of Time Restriction 25/1 `; content: `C000006F...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows Brute force User Account Disabled 25/1 `; content: `C0000072`; nocase; pcre: `/...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows Brute force User Is Locked Out 25/1 `; content: `C0000234`; nocase; pcre: `/...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Windows Brute force User Correct but Incorrect Password 25/1 `; content: `C000006A`; nocase...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS AUTH Potential Windows User Enumeration User Name Does Not Exist Brute Force 25/1 `; content...
alert tcp $EXTERNAL NET any $HOME NET 1521 (msg: ` ORACLE Authentication Failure`; content: `RETURNCODE 3a 4 22 1017 22 `; classtype: unsuccessful user; reference...
alert tcp $EXTERNAL NET any $HOME NET any (msg: ` CISCO PIXASA TCP access denied by ACL Brute force 25/1 `; program: %ASA 3 710003; classtype: unsuccessful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User added to Group Policy Creator Owner group`; pcre: `/ 660: 4756: /`; pcre: `/S 1 5 21 \d...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User added to Enterprise Administrators group`; pcre: `/ 660: 4756: /`; pcre: `/S 1 5 21 \d...
alert syslog $EXTERNAL NET any $HOME NET 389 (msg:` WINDOWS AUTH User added to Domain Administrators group`; pcre: `/ 632: 4728: /`; pcre: `/S 1 5 21 \d{5,...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User added to DNS Admins group`; pcre: `/ 636: 4732: /`; pcre: `/S 1 5 21 \d{5,15}\ \d{5,...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User added to Network Config Operator group`; pcre: `/ 636: 4732: /`; pcre: `/S 1 5 21 \d{...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS AUTH User account enabled`; pcre: `/ 626: 4722: /`; content:!`$ Account Domain`; 3a `; content:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO IOS Login Failed Brute Force 10/1 `; content: `SEC LOGIN 4 LOGIN FAILED`; after: track by src, count...
alert tcp $EXTERNAL NET any $HOME NET 389 (msg:` SYMANTEC EMS Multiple authentication failures`; content: `failed authentication for internal PGP Desktop`; content...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg: ` CISCO IOS Authentication Failure SSH Brute force 5/5 `; content: `%AUTHPRIV 3 SYSTEM MSG 3a `; content...

Topic revision: r5 - 2006-11-15 - TWikiContributor
 
Copyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.