#alert http $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"401"; http_stat_code; threshold:type both, track by_dst, count 30, seconds 60; reference:url,doc.emergingthreats.net/2009346; classtype:attempted-recon; sid:2009346; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:29 UTC


#alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"401"; http_stat_code; threshold:type both, track by_dst, count 30, seconds 60; reference:url,doc.emergingthreats.net/2009346; classtype:attempted-recon; sid:2009346; rev:7;)

Added 2011-10-12 19:27:10 UTC


#alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"401"; http_stat_code; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; sid:2009346; rev:7;)

Added 2011-09-14 22:40:32 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"401"; http_stat_code; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:7;)

Added 2011-02-04 17:28:39 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:5;)

Added 2009-10-22 13:45:21 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:5;)

Added 2009-10-22 13:45:21 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:4;)

Added 2009-05-14 11:25:02 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type both, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:4;)

Added 2009-05-14 11:25:02 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type threshold, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:3;)

Added 2009-05-12 14:38:05 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type threshold, track by_dst, count 30, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:3;)

Added 2009-05-12 14:38:05 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type threshold, track by_src, count 20, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:2;)

Added 2009-05-11 17:45:36 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type threshold, track by_src, count 20, seconds 60; classtype:attempted-recon; reference:url,doc.emergingthreats.net/2009346; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_401_Unauthorized; sid:2009346; rev:2;)

Added 2009-05-11 17:45:36 UTC


alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK-RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack"; flow:from_server,established; content:"HTTP/1."; depth:7; content:" 401"; within:5; threshold:type threshold, track by_src, count 20, seconds 60; classtype:attempted-recon; sid:2009346; rev:1;)

Added 2009-05-11 09:46:23 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats