Donnerstag, 17. Oktober 2013

Ruleset-Update: DLink Backdoor-Scan


[+] new sigs:
  42000325 :: web_server.rules     :: DN WEB_SERVER Dlink-Router Backdoor-Scan


#
# sid: 42000325 |  date: 2013-10-17 - 09:13:26 | maker: lazydog
#
# http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
# et: 2017590
# http://blog.erratasec.com/2013/10/that-dlink-bug-masscan.html

MainRule "str:xmlset_roodkcableoj28840ybtide" "msg:DN WEB_SERVER Dlink-Router Backdoor-Scan" "mz:$HEADERS_VAR:User-Agent" "s:$ATTACK:8" id:42000325 ;


Keine Kommentare:

Kommentar veröffentlichen