ET SCAN FOCA uri

7.0.35.0SID: 2017950Rev: 6Enabled4 views
Sourceet/open
Fileemerging-scan.rules
CreatedJanuary 10, 2014
UpdatedApril 21, 2024
Classificationattempted-recon
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN FOCA uri"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/*F0C4~1*/foca.aspx?aspxerrorpath=/"; fast_pattern; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|accept|0d 0a|"; content:!"|0d 0a|connection|0d 0a|"; reference:url,blog.bannasties.com/2013/08/vulnerability-scans/; classtype:attempted-recon; sid:2017950; rev:6; metadata:created_at 2014_01_10, confidence Medium, signature_severity Informational, updated_at 2024_04_21;)

Metadata

created at2014_01_10
confidenceMedium
signature severityInformational
updated at2024_04_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!