ET HUNTING Suspicious Quotation Mark Usage in FTP Username
Sourceet/open
CreatedSeptember 29, 2010
UpdatedAugust 19, 2020
Classificationbad-unknown
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"ET HUNTING Suspicious Quotation Mark Usage in FTP Username"; flow:established,to_server; content:"USER "; depth:5; content:"|22|"; distance:0; pcre:"/^USER [^\r\n]*?\x22/"; reference:url,www.checkpoint.com/defense/advisories/public/2010/sbp-16-Aug.html; classtype:bad-unknown; sid:2011488; rev:3; metadata:created_at 2010_09_29, confidence Medium, signature_severity Informational, updated_at 2020_08_19;)
Metadata
created at2010_09_29
confidenceMedium
signature severityInformational
updated at2020_08_19
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!