Snort mailing list archives
Re: New rule for detecting Netgear WNR2000v5 router leaks its serial number attempt
From: Joshua Williams <joshuwi2 () sourcefire com>
Date: Wed, 1 Feb 2017 15:37:15 -0500
rmkml, Thanks for your submission. I'll review and test this and get back to you when it is finished. -- Josh Williams Detection Response Team TALOS Security Group On Wed, Feb 1, 2017 at 3:21 PM, rmkml <rmkml () ligfy org> wrote:
Hello, First, Thx you @circl_lu, Please check this new rule detecting Netgear WNR2000v5 router leaks its serial number attempt: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC Netgear WNR2000v5 router leaks its serial number attempt"; flow:to_server,established; content:"/BRS_netgear_success.html"; nocase; http_uri; reference:cve,2016-10175; reference:url,cve.circl.lu/cve/CVE-2016-10175; classtype:web-application-attack; sid:1; rev:1; ) Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- New rule for detecting Netgear WNR2000v5 router leaks its serial number attempt rmkml (Feb 01)
- Re: New rule for detecting Netgear WNR2000v5 router leaks its serial number attempt Joshua Williams (Feb 01)