ET SCAN Redis SSH Key Overwrite Probing

SID: 2023510Rev: 20 views
History
Sourceet/open
CreatedJuly 7, 2016
UpdatedJuly 26, 2019
Classificationmisc-attack
alert tcp $EXTERNAL_NET any -> $HOME_NET 6379 (msg:"ET SCAN Redis SSH Key Overwrite Probing"; flow:to_server,established; content:"*"; depth:1; content:"config"; content:"set"; distance:0; content:"dir"; distance:0; content:"/.ssh"; distance:0; isdataat:!5,relative; reference:url,antirez.com/news/96; classtype:misc-attack; sid:2023510; rev:2; metadata:attack_target Client_Endpoint, created_at 2016_07_07, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Minor, tag SCAN_Redis_SSH, updated_at 2019_07_26;)

References

urlantirez.com/news/96

Metadata

attack targetClient_Endpoint
created at2016_07_07
deploymentDatacenter
performance impactLow
confidenceMedium
signature severityMinor
tagSCAN_Redis_SSH
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!