ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)

7.0.35.0SID: 2003149Rev: 6Enabled1 views
Sourceet/open
Fileemerging-attack_response.rules
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationsuccessful-recon-limited
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)"; flow:established,to_server; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:successful-recon-limited; sid:2003149; rev:6; metadata:created_at 2010_07_30, confidence Medium, signature_severity Minor, updated_at 2019_07_26;)

Metadata

created at2010_07_30
confidenceMedium
signature severityMinor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!