[Silicon Defense logo]

SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (933)Top 20 source IPsTop 20 dest IPs

240 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 21:09:52.105463 on 09/30/2020
Latest such alert at 05:07:31.152852 on 09/28/2021

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt 239 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
91.234.62.312211
180.127.114.1741111
180.188.249.1821111
103.19.249.1501111
222.140.109.791111
182.219.86.1181111
143.0.247.1081111
116.3.142.1311111
59.99.140.321111
115.51.122.1461111
42.239.11.231111
120.69.115.2281111
178.72.78.281111
223.155.81.111111
103.117.152.601111
139.205.231.2331111
49.115.64.1491111
61.2.151.2221111
222.142.238.1781111
175.11.191.2451111
115.48.209.1301111
91.234.62.2421111
119.187.106.1801111
120.85.119.2381111
219.154.191.861111
222.139.84.2171111
114.228.116.1651111
202.83.42.1911111
172.95.161.661111
222.247.105.741111
182.112.28.1131111
202.164.139.631111
186.33.122.411111
39.74.9.2461111
111.39.71.2191111
185.174.195.1331111
202.83.45.191111
115.99.221.2021111
177.223.58.1621111
153.101.240.991111
112.94.97.781111
203.212.251.1731111
111.92.80.451111
42.224.244.581111
116.68.98.2351111
178.175.63.1921111
218.57.69.981111
49.89.223.801111
123.130.52.1561111
222.247.249.261111
222.244.166.1441111
112.239.101.2011111
178.175.49.2181111
66.38.90.201111
178.175.88.2461111
173.63.104.871111
222.138.17.451111
101.0.49.2401111
175.169.27.2291111
120.85.117.2481111
116.114.95.2011111
59.99.42.581111
178.175.9.2281111
203.212.237.851111
182.112.76.1831111
115.52.201.1451111
91.234.62.1651111
120.85.112.1371111
59.99.194.1781111
112.255.86.301111
222.247.6.1741111
120.85.196.101111
118.250.153.161111
120.85.98.361111
163.125.242.1001111
202.164.139.1961111
178.72.78.2511111
119.182.56.1521111
60.214.52.1531111
178.72.68.2541111
178.175.118.181111
203.115.85.2171111
103.66.209.2341111
58.249.81.1861111
111.43.223.191111
115.52.244.1811111
27.194.12.1721111
178.175.106.2051111
117.208.132.1661111
222.244.166.1651111
117.251.61.111111
42.231.106.2411111
27.35.2.301111
222.247.180.1041111
162.212.115.1581111
115.97.67.121111
79.101.58.721111
94.51.100.1281111
120.85.119.891111
189.51.100.191111
123.9.196.271111
117.196.27.1441111
27.222.209.91111
175.5.79.1511111
116.75.70.2061111
82.202.75.51111
42.236.150.1401111
123.5.191.2291111
113.170.99.1121111
27.38.61.291111
61.163.128.651111
222.244.167.1281111
120.85.116.221111
123.10.229.361111
125.99.237.2291111
61.242.54.1421111
112.122.61.2211111
59.94.194.11111
117.254.147.1441111
178.175.105.2261111
42.224.154.1331111
59.92.19.821111
222.137.154.1411111
49.81.99.1371111
118.250.154.361111
120.86.239.1791111
119.123.174.1781111
116.68.97.611111
178.72.71.2191111
115.59.222.1901111
49.143.32.61111
116.132.167.1471111
223.149.253.1481111
153.34.44.1571111
123.12.180.2021111
182.57.210.1651111
123.5.153.51111
59.96.24.1981111
31.146.129.1741111
112.27.123.1731111
115.55.4.871111
112.236.68.1191111
219.157.20.841111
45.71.218.691111
117.196.74.101111
182.119.250.1501111
122.199.125.2481111
171.125.156.2401111
27.203.87.751111
197.50.215.1551111
178.175.89.1231111
27.7.198.191111
42.230.23.821111
120.193.91.1991111
115.49.17.2541111
120.85.116.1641111
177.161.82.1951111
111.38.123.1971111
178.72.70.1451111
115.63.1.1431111
178.175.81.2411111
27.216.90.1661111
112.241.187.2351111
58.252.180.241111
123.146.0.2401111
178.175.63.1211111
202.164.138.2001111
27.217.30.81111
222.134.162.421111
222.247.235.2271111
119.165.38.1861111
39.68.110.131111
117.90.42.461111
202.164.138.2251111
58.249.78.1741111
61.242.58.2041111
120.34.24.141111
94.43.139.1421111
182.123.241.941111
117.194.165.111111
157.61.213.2261111
175.11.215.1591111
115.49.146.961111
111.40.111.2021111
120.85.118.2301111
183.130.59.1861111
42.235.70.1821111
202.164.139.2421111
222.247.12.2261111
45.229.55.131111
203.198.131.471111
218.21.171.1941111
112.94.97.741111
123.8.251.2161111
222.247.9.381111
112.251.21.1531111
36.113.196.1391111
117.251.18.1571111
112.94.99.601111
27.197.95.1351111
91.234.62.171111
95.32.216.131111
178.175.75.821111
112.248.154.411111
112.30.110.621111
222.244.252.341111
27.40.116.1881111
122.6.162.2441111
103.41.56.611111
45.229.55.371111
124.135.39.2491111
42.233.94.2541111
178.175.20.1701111
115.56.133.691111
27.206.185.261111
202.164.138.2401111
182.113.203.951111
112.27.126.2431111
222.247.2.1961111
178.175.97.1471111
125.41.13.2431111
117.201.201.2461111
117.196.69.911111
112.94.100.2191111
114.234.159.2181111
27.194.150.2391111
183.188.104.2141111
125.47.250.771111
178.175.47.981111
120.85.112.2531111
14.176.152.2071111
103.84.240.2321111
171.38.147.2051111
27.219.172.1751111
78.181.237.411111
61.54.174.2211111
177.93.67.2261111
103.41.26.1571111
223.155.153.821111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.38240929239557

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 28 08:01:02 2021