SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (694)

Top 20 source IPs

Top 20 dest IPs

82 alerts with this signature using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest such alert at 13:53:42.094018 on 11/30/2019
Latest such alert at 18:45:40.766665 on 11/24/2020

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt	81 sources	1 destinations
Priority: 1	Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature

Source	# Alerts (sig)	# Alerts (total)	# Dsts (sig)	# Dsts (total)
91.234.62.31	2	2	1	1
115.59.222.190	1	1	1	1
180.127.114.174	1	1	1	1
223.149.253.148	1	1	1	1
222.140.109.79	1	1	1	1
182.57.210.165	1	1	1	1
123.12.180.202	1	1	1	1
182.219.86.118	1	1	1	1
115.51.122.146	1	1	1	1
42.239.11.23	1	1	1	1
31.146.129.174	1	1	1	1
112.27.123.173	1	1	1	1
223.155.81.11	1	1	1	1
222.142.238.178	1	1	1	1
61.2.151.222	1	1	1	1
49.115.64.149	1	1	1	1
91.234.62.242	1	1	1	1
222.139.84.217	1	1	1	1
197.50.215.155	1	1	1	1
202.83.42.191	1	1	1	1
27.7.198.19	1	1	1	1
27.216.90.166	1	1	1	1
185.174.195.133	1	1	1	1
111.39.71.219	1	1	1	1
39.74.9.246	1	1	1	1
115.99.221.202	1	1	1	1
202.83.45.19	1	1	1	1
177.223.58.162	1	1	1	1
123.146.0.240	1	1	1	1
203.212.251.173	1	1	1	1
218.57.69.98	1	1	1	1
123.130.52.156	1	1	1	1
117.90.42.46	1	1	1	1
222.247.249.26	1	1	1	1
66.38.90.20	1	1	1	1
182.123.241.94	1	1	1	1
94.43.139.142	1	1	1	1
175.11.215.159	1	1	1	1
116.114.95.201	1	1	1	1
115.49.146.96	1	1	1	1
111.40.111.202	1	1	1	1
203.212.237.85	1	1	1	1
182.112.76.183	1	1	1	1
183.130.59.186	1	1	1	1
91.234.62.165	1	1	1	1
112.255.86.30	1	1	1	1
202.164.139.196	1	1	1	1
203.198.131.47	1	1	1	1
218.21.171.194	1	1	1	1
123.8.251.216	1	1	1	1
60.214.52.153	1	1	1	1
111.43.223.19	1	1	1	1
36.113.196.139	1	1	1	1
115.52.244.181	1	1	1	1
27.194.12.172	1	1	1	1
117.208.132.166	1	1	1	1
91.234.62.17	1	1	1	1
95.32.216.13	1	1	1	1
222.244.252.34	1	1	1	1
103.41.56.61	1	1	1	1
222.247.180.104	1	1	1	1
162.212.115.158	1	1	1	1
124.135.39.249	1	1	1	1
79.101.58.72	1	1	1	1
115.97.67.12	1	1	1	1
27.206.185.26	1	1	1	1
115.56.133.69	1	1	1	1
116.75.70.206	1	1	1	1
182.113.203.95	1	1	1	1
123.5.191.229	1	1	1	1
61.163.128.65	1	1	1	1
222.247.2.196	1	1	1	1
125.41.13.243	1	1	1	1
222.244.167.128	1	1	1	1
114.234.159.218	1	1	1	1
123.10.229.36	1	1	1	1
125.99.237.229	1	1	1	1
49.81.99.137	1	1	1	1
118.250.154.36	1	1	1	1
177.93.67.226	1	1	1	1
223.155.153.82	1	1	1	1

Destinations receiving this attack signature

Destinations	# Alerts (sig)	# Alerts (total)	# Srcs (sig)	# Srcs (total)
192.168.0.38	82	690	81	380

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Nov 24 21:01:02 2020