alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Positive Technologies XSpider Security Scanner User-Agent (PTX)"; flow:to_server,established; content:"PTX|0d 0a|"; http_header; fast_pattern:only; pcre:"/^User-Agent\x3a[^\n]+PTX\r$/Hm"; reference:url,www.securitylab.ru/forum/forum16/topic26800/; classtype:attempted-recon; sid:2013779; rev:4; metadata:created_at 2011_10_19, updated_at 2011_10_19;)

Added 2017-08-07 21:07:03 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Positive Technologies XSpider Security Scanner User-Agent (PTX)"; flow:to_server,established; content:"PTX|0d 0a|"; http_header; fast_pattern:only; pcre:"/^User-Agent\x3a[^\n]+PTX\r$/Hm"; reference:url,www.securitylab.ru/forum/forum16/topic26800/; classtype:attempted-recon; sid:2013779; rev:3;)

Added 2012-07-16 19:40:05 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN Positive Technologies XSpider Security Scanner User-Agent (PTX)"; flow:to_server,established; content:"PTX"; http_header; fast_pattern:only; pcre:"/User-Agent\x3a[^\n]+PTX/H"; reference:url,www.securitylab.ru/forum/forum16/topic26800/; classtype:attempted-recon; sid:2013779; rev:2;)

Added 2011-10-19 18:51:47 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats