SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (773) | Top 20 source IPs | Top 20 dest IPs

124 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 19:28:22.552757 on 03/04/2020
Latest such alert at 08:25:45.341677 on 02/28/2021

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
123 sources, 1 destinations
Priority: 1
Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature


Destinations receiving this attack signature

Destinations    # Alerts (sig)    # Alerts (total)    # Srcs (sig)    # Srcs (total)
192.168.0.38    124               769                 123             431

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Sun Feb 28 19:01:01 2021