ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent

SID: 2013416Rev: 131 viewsHistory

Sourceet/open

CreatedAugust 17, 2011

UpdatedApril 9, 2024

Classificationattempted-recon

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent"; flow:established,to_server; http.header; content:"TE|3a 20|deflate,gzip|3b|q=0.3|0d 0a|Connection|3a 20|TE, close|0d 0a|Host|3a 20|"; depth:53; content:"User-Agent|3a 20|"; within:100; http.user_agent; content:!"libwww-perl/"; http.request_line; content:"GET //"; fast_pattern; startswith; http.header_names; bsize:26; content:"|0d 0a|TE|0d 0a|Host|0d 0a|User-Agent|0d 0a 0d 0a|"; threshold:type threshold, track by_dst, count 10, seconds 20; classtype:attempted-recon; sid:2013416; rev:13; metadata:created_at 2011_08_17, performance_impact Moderate, confidence High, signature_severity Informational, updated_at 2024_04_09;)

Metadata

created at2011_08_17

performance impactModerate

confidenceHigh

signature severityInformational

updated at2024_04_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!