alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; nocase; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; classtype:trojan-activity; sid:2003464; rev:5;) Added 2011-10-12 19:13:31 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; sid:2003464; rev:5;) Added 2011-09-14 22:26:30 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP; sid:2003464; rev:5;) Added 2011-02-04 17:22:29 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP; sid:2003464; rev:4;) Added 2010-06-15 13:15:59 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP; sid:2003464; rev:4;) Added 2010-06-15 13:15:59 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP; sid:2003464; rev:3;) Added 2009-02-06 19:00:55 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; reference:url,doc.emergingthreats.net/bin/view/Main/2003464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP; sid:2003464; rev:3;) Added 2009-02-06 19:00:55 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:2;) Added 2008-01-23 10:46:27 UTC
alert tcp any 21 -> $HOME_NET any (msg:"ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:2;) Added 2008-01-23 10:46:27 UTC
alert tcp any 21 -> $HOME_NET any (msg:"BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:1;) Auto-added on 2007-03-06 16:32:09 UTC
alert tcp any 21 -> $HOME_NET any (msg:"BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:1;) Auto-added on 2007-03-05 23:53:04 UTC
alert tcp any 21 -> $HOME_NET any (msg:"BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:1;) Auto-added on 2007-03-05 23:52:48 UTC
alert tcp any 21 -> $HOME_NET any (msg:"BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:1;) Auto-added on 2007-03-05 23:52:24 UTC
alert tcp any 21 -> $HOME_NET any (msg:"BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner (warFTPd)"; flow:established,from_server; content:"220 "; content:"--warFTPd "; depth:40; distance:0; nocase; classtype:trojan-activity; reference:url,www.warftp.org; sid:2003464; rev:1;) Auto-added on 2007-03-05 23:49:20 UTC
For sessions that look like so: 220 ---freeFTPd 1.0---warFTPd 1.65--- USER username 331 User OK, Password required PASS password 530 Authentication failed, sorry QUIT -- MattJonkman - 05 Mar 2007
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2007-03-05 - MattJonkman
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats