Changeset 1735

Timestamp:
11/29/06 23:52:12 (2 years ago)
Author:
mbr
Message:

added 'MISC Radmin Default install options attempt' signature

Files:

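--- a/psad/trunk/signatures
+++ b/psad/trunk/signatures
@@ -129,6 +129,7 @@
 alert tcp $EXTERNAL_NET any -> $HOME_NET 1417 (msg:"MISC Insecure TIMBUKTU communication attempt"; flags:S; reference:arachnids,229; classtype:bad-unknown; sid:505; psad_id:100072; psad_dl:2;)
 alert tcp $EXTERNAL_NET any -> $HOME_NET 5631:5632 (msg:"MISC PCAnywhere communication attempt"; flags:S; classtype:attempted-admin; psad_id:100073; psad_dl:2; psad_derived_sids:507,512;)
-alert tcp $EXTERNAL_NET any -> $HOME_NET 5900 (msg:"MISC VNC communication attempt"; flags:S; reference:url,http://isc.sans.org/port_details.php?port=5900; reference:url,http://secunia.com/advisories/20107; classtype:attempted-admin; psad_id:100202; psad_dl:2;)
-alert tcp $EXTERNAL_NET any -> $HOME_NET 7212 (msg:"MISC Ghostsurf communication attempt"; flags:S; reference:url,http://isc.sans.org/port_details.php?port=7212; reference:url,http://www.tenebril.com/src/advisories/open-proxy-relay.php; classtype:misc-activity; psad_id:100203; psad_dl:2;)
+alert tcp $EXTERNAL_NET any -> $HOME_NET 5900 (msg:"MISC VNC communication attempt"; flags:S; reference:url,isc.sans.org/port_details.php?port=5900; reference:url,secunia.com/advisories/20107; classtype:attempted-admin; psad_id:100202; psad_dl:2;)
+alert tcp $EXTERNAL_NET any -> $HOME_NET 7212 (msg:"MISC Ghostsurf communication attempt"; flags:S; reference:url,isc.sans.org/port_details.php?port=7212; reference:url,www.tenebril.com/src/advisories/open-proxy-relay.php; classtype:misc-activity; psad_id:100203; psad_dl:2;)
+alert tcp $EXTERNAL_NET any -> $HOME_NET 4899 (msg:"MISC Radmin Default install options attempt"; flags:S; reference:url,isc.sans.org/port_details.php?port=4899; reference:url,archives.neohapsis.com/archives/vulnwatch/2002-q3/0099.html; classtype:attempted-admin; psad_id:100204; psad_dl:2;)
 #alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC Tiny Fragments"; dsize:< 25; fragbits:M; classtype:bad-unknown; sid:100; psad_id:100000; psad_dl:2;)
 alert udp $EXTERNAL_NET any -> $HOME_NET 1900 (msg:"SCAN UPnP communication attempt"; classtype:misc-attack; psad_dsize:>8; psad_id:100074; psad_dl:2; psad_derived_sids:1917,1384,1388;)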
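Review bot: The msg on the new port-4899 rule claims more than the rule can observe. It matches any SYN to `$HOME_NET 4899` (`flags:S`, no payload criteria), so it cannot tell whether a Radmin install is using default options, or whether Radmin is listening at all. The neighbouring port-only rules (VNC, PCAnywhere, Ghostsurf) all say "communication attempt"; `msg:"MISC Radmin communication attempt";` would be consistent and would keep an analyst from reading the alert as a confirmed weak configuration. If the wording is deliberately kept to match an upstream rule name (not visible here), a comment line above the rule such as `# port-only match on SYN; msg kept from upstream rule name` would make that clear. Separately, the `http://` prefix is dropped from the VNC and Ghostsurf `reference:url` values in the same change, which the commit message does not mention.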