alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN McAfee?/Foundstone Scanner Web Scan"; flow:established,to_server; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| Windows NT 6.1|3B| en-US)|0D 0A|"; http_header; fast_pattern:20,20; content:"|0D 0A|Accept-Encoding|3A| text|0D 0A|"; http_header; threshold: type both, count 2, seconds 120, track by_src; reference:url,www.mcafee.com/us/products/vulnerability-manager.aspx; classtype:attempted-recon; sid:2013492; rev:4; metadata:created_at 2011_08_30, updated_at 2011_08_30;)

Added 2017-08-07 21:06:48 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN McAfee?/Foundstone Scanner Web Scan"; flow:established,to_server; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| Windows NT 6.1|3B| en-US)|0D 0A|"; http_header; fast_pattern:20,20; content:"|0D 0A|Accept-Encoding|3A| text|0D 0A|"; http_header; threshold: type both, count 2, seconds 120, track by_src; reference:url,www.mcafee.com/us/products/vulnerability-manager.aspx; classtype:attempted-recon; sid:2013492; rev:3;)

Added 2011-12-19 18:45:39 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN McAfee?/Foundstone Scanner Web Scan"; flow:established,to_server; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| Windows NT 6.1|3B| en-US)|0D 0A|"; http_header; content:"|0D 0A|Accept-Encoding|3A| text|0D 0A|"; http_header; threshold: type both, count 2, seconds 120, track by_src; reference:url,www.mcafee.com/us/products/vulnerability-manager.aspx; classtype:attempted-recon; sid:2013492; rev:2;)

Added 2011-10-12 19:36:59 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN McAfee?/Foundstone Scanner Web Scan"; flow:established,to_server; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| Windows NT 6.1|3B| en-US)|0D 0A|"; http_header; content:"|0D 0A|Accept-Encoding|3A| text|0D 0A|"; http_header; threshold: type both, count 2, seconds 120, track by_src; classtype:attempted-recon; reference:url,www.mcafee.com/us/products/vulnerability-manager.aspx; sid:2013492; rev:2;)

Added 2011-08-31 10:23:42 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats